Wednesday, September 27, 2006

Latest Zero-day IE Hole Patched

Get this fix right away: Microsoft released an unusual out-of-cycle patch yesterday for the latest zero-day hole in Internet Explorer 6 that can hit fully patched systems (up until yesterday) with a drive-by-download.


The threat involves images in a little-used Microsoft format called VML, for vector markup language. Microsoft had originally said it would release a patch on its next scheduled update day, Oct. 10. But my colleague Robert McMillan at the IDG news service reported that there are already thousands of Web sites exploiting this VML graphics bug. So to their credit, Microsoft moved more quickly than they originally stated. The ongoing attacks against the similar similar WMF hole from January likely played a part.

source

Tags: Zero-day | vector | Patch | format | Microsoft | latest | internet | IE

No comments: