Microsoft releases official VML patch!!



The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should consider re-registering the same so that you’ll be able to view/access vml content in the future. Here’s Microsoft’s technet Security Bulletin on the matter. (Visit update.microsoft.com if it’s not automatically downloaded for you.) It should be noted that the RC of IE 7 was not affected by this vulnerability.


A few days ago, I speculated that the way to get this patched by 9/25/06 was if it were discovered that the vulnerability were being used to strip DRM from Microsoft’s Windows Media audio/video files…. I’m glad to see that they did it early without their DRM future at stake….

Also, I should mention if you’ve installed the unofficial patch, uninstall that at this time as well. Brian Krebs at the Security Fix also has coverage on this.

Good job Microsoft, thanks for going “out of cycle” to get this update out there.

Related Posts

Blog Traffic Exchange Related Posts
  • Another problem with one of the Microsoft Patches... Last month, April, the Microsoft patch cycle had one problem patch that broke certain explorer extensions (most notable some HP software...) This time around it looks like the Flash patch that they distributed has given a few people fits. For starters, yes it's odd for Microsoft to distribute a patch......
  • Microsoft security roundup OK - there have been a number of Excel problems floating around in the last week - week and a half. Securiteam blog has a FAQ on the Excel 0-day vulnerabilities with Excel and Excel Viewer Incidents.org kindly gives us a scoresheet documenting the three different vulnerabilities that have been......
  • Microsoft advisory on Sober "Awakening" Microsoft has posted a security advisory (912920) on the previously reported "awakening" of the Sober worm, expected January 6th. Systems that are infected with Win32/Sober.Z@mm may download and run malicious files from certain Web domains beginning on January 6, 2006 Further they give the following note.... Microsoft will release an......
Blog Traffic Exchange Related Websites
  • Microsoft Security Bulletin MS10-046 - Critical Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010 | Updated: August 03, 2010 Version: 1.1 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon......
  • Steadfast Finances was Hacked, Now Restored. (Thanks HostGator!) Last week, several lines of "seemingly malicious code" found its way into SF's theme. This prompted Google, Firefox, Google Chrome and even Twitter, to quickly label this blog as a "Reported Attack Site". If you happened to visit SF from the RSS feed, the email subscriber list, or basically clicked......
  • What is Patch Tuesday? Excellent explanation of Patch Tuesday by TMI Engineering Patch Tuesday is the second Tuesday of each month, the day on which Microsoft releases security patches. Starting with Windows 98, Microsoft included a "Windows Update" system, that would check for patches to Windows and its components which Microsoft would release intermittently. With......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site