One week after confirming a code execution flaw in its flagship Internet Explorer browser, Microsoft has shipped a "killbit" package to disable the affected control, javaprxy.dll. The killbit, also known as a registry key update, is one of seven pre-patch workarounds in a revised security bulletin released by software engineers at the Microsoft Security Response Center.
Since the advisory was first issued on June 30, Microsoft Corp. has pushed out two revisions with new information to counter the public release of exploit code on security Web sites and mailing lists. In addition to the killbit package, which will be part of a future security bulletin, Microsoft is also recommending that users set Internet and local intranet security zone settings to "High" before running ActiveX controls in these zones.
News source: eWeek