A new critical flaw in Microsoft Internet Explorer 6.0 has been fully disclosed to the Internet along with proof-of-concept code. Secunia has released a detailed advisory. This latest flaw allows the execution of arbitrary code, which means a Windows XP computer running Internet Explorer 6 can be completely compromised by visiting a malicious website. IE6 users are advised to use the following workarounds until an official patch is released.
- How to stop Active Scripting for home users.
- How to stop Active Scripting company wide.
This is a temporary solution and may cause certain sites to not work. To make them work, you'll need to add the legitimate sites that need Active Scripting to the trusted zone in IE. This is not a simple or desirable solution, but it is the only one Microsoft gives you as a temporary workaround. This IE6 vulnerability is serious enough that Microsoft should immediately create an out-of-cycle patch before the next monthly patch and spend less time lecturing about Apple's missteps. Microsoft was forced to release an emergency patch for the WMF vulnerability in January. Waiting for next month's cycle for a zero-day critical flaw is unacceptable.