Microsoft releases official VML patch!!



The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should consider re-registering the same so that you’ll be able to view/access vml content in the future. Here’s Microsoft’s technet Security Bulletin on the matter. (Visit update.microsoft.com if it’s not automatically downloaded for you.) It should be noted that the RC of IE 7 was not affected by this vulnerability.


A few days ago, I speculated that the way to get this patched by 9/25/06 was if it were discovered that the vulnerability were being used to strip DRM from Microsoft’s Windows Media audio/video files…. I’m glad to see that they did it early without their DRM future at stake….

Also, I should mention if you’ve installed the unofficial patch, uninstall that at this time as well. Brian Krebs at the Security Fix also has coverage on this.

Good job Microsoft, thanks for going “out of cycle” to get this update out there.

Related Posts

Blog Traffic Exchange Related Posts
  • Adobe Acrobat reader update On the heels of yesterdays massive update day from Microsoft, Adobe has released an update for the free Adobe Reader. The Adobe reader is one of those ALMOST essential applications that MOST everyone has installed. So, this will be of particular interest to MOST computer users. A SERIOUS security flaw......
  • Microsoft advisory on Sober "Awakening" Microsoft has posted a security advisory (912920) on the previously reported "awakening" of the Sober worm, expected January 6th. Systems that are infected with Win32/Sober.Z@mm may download and run malicious files from certain Web domains beginning on January 6, 2006 Further they give the following note.... Microsoft will release an......
  • Another problem with one of the Microsoft Patches... Last month, April, the Microsoft patch cycle had one problem patch that broke certain explorer extensions (most notable some HP software...) This time around it looks like the Flash patch that they distributed has given a few people fits. For starters, yes it's odd for Microsoft to distribute a patch......
Blog Traffic Exchange Related Websites
  • Microsoft Security Bulletin MS10-046 - Critical Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010 | Updated: August 03, 2010 Version: 1.1 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon......
  • Steadfast Finances was Hacked, Now Restored. (Thanks HostGator!) Last week, several lines of "seemingly malicious code" found its way into SF's theme. This prompted Google, Firefox, Google Chrome and even Twitter, to quickly label this blog as a "Reported Attack Site". If you happened to visit SF from the RSS feed, the email subscriber list, or basically clicked......
  • Why Bots are Bad News to your Network… Any security vulnerability is potentially damaging to a business, and bots are no different. When malware programs are running on employee machines, companies have the right to worry about the safety and integrity of their data and their systems, and whether compromised information and performance could affect not just their......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site