Pavlov Scope

2006 March 23

IE - Yet ANOTHER critical unpatched flaw

Filed under: ITSec — Kev Frey @ 17:20:31

Here we are again – another unpatched IE bug has just been announced. This one is similar to the issue last Dec. 2005 (described here) in that disabling Active Scripting – Internet Explorer’s JavaScript engine – prevents the flaw from being exploited.

The official “word” from Microsoft is here, but the gist for non-technical users out there is that this is a remotely exploitable (meaning your computer can be compromised without anyone having local access to the physical machine) and critical flaw that can allow an attacker, virus, or spyware (etc.) to run programming code on or infiltrate your computer or network.

There is exploit code now publicly available that utilizes this flaw, so it is only a matter of time (a short amount of time) before spyware, adware, phishers, virus writers, and hackers adapt the code for more nefarious purposes.

Microsoft has not issued a patch yet, but is working on one now, so stay tuned for an “out of cycle” patch to be released. I will let you know here as soon as I am notified.

In the meantime, always know that there are other browsers to use when IE has flaws like this – I recommend either Firefox (with the Adblock, NoScript, and Fasterfox extensions) or Opera (now version 8.53).

Avoid using Internet Explorer for the next few days if at all possible. Once I’ve installed and tested the forthcoming patch, I’ll post on this blog.

_____________________________________________________________
KevFrey

kevfrey@gmail.com
.     .    .   .  . .. .  .   .    .     .
 Abbreviation and acronyms – the first indications of acceptance.
