Microsoft has confirmed it plans to release a fix for a serious security bug in Internet Explorer next Tuesday (11 April). The fix for the "CreateTextRange" vulnerability - which has become the subject of hacker exploits over recent days - will be released as a cumulative update to Internet Explorer along with four other security bulletins (details here (http://www.microsoft.com/technet/security/bulletin/advance.mspx)).

Late last month, numerous maliciously constructed websites began attempting to exploit the "CreateTextRange" vulnerability to install Trojans, botnet clients and other forms on malware on victim PCs. This malicious activity, together with the lack of an immediate fix from Microsoft, prompted two security firms (Determina and eEye Digital Security) to each issue standalone patches to mitigate the risk of attack. Microsoft advised orgainsations to disable Active Scripting as a workaround.

Internet Explorer has become the subject of a number of unpatched vulnerabilities over recent weeks. In the latest such incident, security notification firm Secunia warned (http://secunia.com/advisories/19521/) this week of an unpatched flaw in IE that might be used to spoof the address bar in a browser. Because of this behaviour, the bug might be used to make phishing attacks more convincing. ®

Related stories

MS releases long-awaited IE fix (12 April 2006)
http://www.channelregister.co.uk/2006/04/12/ms_patch_tuesday/
Infected Windows PC? Just nuke it (5 April 2006)
http://www.channelregister.co.uk/2006/04/05/ms_security_mea_culpa/
Unofficial zero-day patches gain corporate support (4 April 2006)
http://www.channelregister.co.uk/2006/04/04/0-day_patch_survey/
Microsoft patches IE after Eolas ruling (3 April 2006)
http://www.theregister.co.uk/2006/04/03/ms_patches_ie/
Hackers use BBC story to bait IE exploit (31 March 2006)
http://www.channelregister.co.uk/2006/03/31/ie_exploit_bbc_bait/
Patches released for zero-day IE threat (29 March 2006)
http://www.channelregister.co.uk/2006/03/29/ie_patches_released/
eEye issues workaround against unpatched IE flaw (28 March 2006)
http://www.channelregister.co.uk/2006/03/28/eeye_ie_workaround/
'Critical' IE bug threatens PC users (27 March 2006)
http://www.theregister.co.uk/2006/03/27/another_ie_security_flaw/