A Quick IE Fix

While neither is perfect, Microsoft has released a pair of quick fixes for its latest IE security hole.

By sjvn

Last week, Microsoft got yet another security black eye when a new, ready-to-be-exploited IE security hole was revealed. This week, Microsoft is trying to redeem itself with a pair of quick fixes for the problem.

The IE 6 and 7 security hole is a serious one and it's already being exploited, so you should head over to Microsoft support for one of the two fixes for this IE problem. No, you read that right. There are two separate fixes. Unfortunately, no matter which one you pick, they come with potential problems.

The first one disables the peer factory class in the Windows registry. 'Peer factory' is used by the iepeers.dll binary program in IE 6 and 7 on Windows XP and Windows Server 2003 to call some kinds of Windows functionality from within IE. The most common way it's used is to print from IE. The downside of this fix, as you might guess, is that it will stop IE's print functionality from working.

The second fix works by enabling DEP (Data Execution Prevention) for Internet Explorer 6 and 7. When DEP is on, it stops a program from executing code in memory that hasn't been specifically set aside for running software. This fix won't work, however, on Windows 2000 or other ancient versions of Windows.

The DEP fix also won't work on older PCs whose processors don't support DEP. You can find out if your processor can handle DEP by going to Start, clicking Run, typing the following command in the Open box, and clicking OK:

wmic OS Get DataExecutionPrevention_Available

If it returns 'TRUE' then your computer can work with this fix.
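The same check in PowerShell, as an added example that is not from the original article. It also reads the DataExecutionPrevention_SupportPolicy property of the same WMI class, because hardware support alone does not say whether DEP covers IE. The function name Get-DepSummary and the sample object are constructed for illustration, and the script assumes PowerShell is installed.

```powershell
# Added example, not from the original article. Get-DepSummary is a hypothetical helper name.
function Get-DepSummary {
    # $Os defaults to the live system; pass a stand-in object to test offline.
    param($Os = (Get-WmiObject -Class Win32_OperatingSystem))

    # Documented values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

    $available = [bool]$Os.DataExecutionPrevention_Available
    $policy    = [int]$Os.DataExecutionPrevention_SupportPolicy

    if (-not $available) {
        # Matches the article: without processor support the DEP fix cannot work.
        $verdict = 'No hardware DEP: the DEP fix does not apply on this machine.'
    } else {
        switch ($policy) {
            0 { $verdict = 'DEP is switched off system-wide; it does not protect IE.' }
            1 { $verdict = 'DEP is enforced for every process, IE included.' }
            2 { $verdict = 'DEP covers only programs that opt in; IE must be opted in, which is what the DEP fix does.' }
            3 { $verdict = 'DEP applies by default; confirm IE has not been excluded.' }
            default { $verdict = "Unrecognised policy value $policy." }
        }
    }

    New-Object PSObject -Property @{
        HardwareDepAvailable = $available
        SupportPolicy        = $policyNames[$policy]
        Verdict              = $verdict
    }
}

# Constructed sample: a DEP-capable CPU with the OptIn policy.
$sample = New-Object PSObject -Property @{
    DataExecutionPrevention_Available     = $true
    DataExecutionPrevention_SupportPolicy = 2
}
Get-DepSummary -Os $sample | Format-List

# On a real machine, call Get-DepSummary with no arguments.
```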

Neither of these is a permanent repair. For that, we're still going to have to wait. But, we may not have to wait until the next Patch Tuesday in April.

According to a Microsoft security blog posting by Jerry Bryant, Microsoft's senior security communications lead, "We have seen speculation that Microsoft might release an update for this issue out-of-band. I can tell you that we are working hard to produce an update which is now in testing. This is a critical and time intensive step of the process as the update must be tested against all affected versions of Internet Explorer on all supported versions of Windows. Additionally, each supported language version needs to be tested as well as testing against thousands of third party applications. We never rule out the possibility of an out-of-band update. When the update is ready for broad distribution, we will make that decision based on customer needs."

There's a lot of hemming and hawing in what he had to say so I'm not going to be holding my breath waiting for an early patch. Instead, let me just remind all of you again that there's a bunch of other free, easy-to-install Web browsers like Chrome and Firefox, which are already invulnerable to this latest IE security hole. I'm just saying ...

3 comments

    Anonymous 1 year ago
    For a GUI-based way to check if your CPU & BIOS are DEP-capable, try SecurAble from Steve Gibson: http://www.grc.com/securable.htm
    Anonymous 1 year ago
    You forgot to mention Microsoft's other suggestion: upgrade to IE8, which is not affected by this issue.
    Anonymous 1 year ago
    You might want to tell people to run "cmd" at the "Open Box" and run that command you gave at the DOS prompt instead. While it will run fine, at least on my XP machine, it closed the DOS window so quickly after running the command I couldn't read it to see if it was true or false.
