A fix for a serious security bug in Internet Explorer will be released on Tuesday (11 April). The bug in question is a "CreateTextRange" vulnerability, which was quickly exploited by malicious software writers.
Late last month, numerous maliciously constructed websites began attempting to exploit the "CreateTextRange" vulnerability to install Trojans, botnet clients and other forms on malware on victim PCs. This malicious activity, together with the lack of an immediate fix from Microsoft, prompted two security firms (Determina and eEye Digital Security) to each issue standalone patches to mitigate the risk of attack. Microsoft advised orgainsations to disable Active Scripting as a workaround.