Though a true patch will still be shipped in the future, Microsoft this week shipped an installable workaround for a recently revealed Internet Explorer (IE) security flaw that its discoverer described as "extremely critical." The workaround essentially modifies Windows registry settings, an action Microsoft previously described in a security bulletin. But because many Windows users aren't sophisticated enough to make this change manually, the company has shipped a software-based workaround that does it for them.
The IE flaw affects the Microsoft Java Virtual Machine (JVM) and could be exploited to crash the browser or allow remote code to run on the exploited machine. It affects a wide range of IE versions running on many different Windows versions.
Microsoft says that the software workaround will be propagated to Windows Update/Microsoft Update and Automatic Updates as soon as possible. It will eventually be superseded by a true security patch that fixes the problem. The workaround simply disables part of the Microsoft JVM.