The "createTextRange" vulnerability is serious. It isn't likely that Microsoft will release a patch until April 11. In the meantime there are two third-party patches available if you feel you must apply a patch ASAP.
One patch is available from Determina and the other is available from eEye Digital Security . I didn't test either of these patches so I can't vouch for them.
If you aren't comfortable with third-party patches then as a workaround you could disabled Active Scripting in IE so that Javascript won't run.
0 comments
Hide comments