Microsoft Might Patch IE Early [Updated]

With pressure from the security community mounting, Microsoft may issue an early patch for a recently discovered and exploited flaw in Internet Explorer (IE). The software company had originally expected to patch a flaw in IE's Vector Markup Language

Paul Thurrott

September 25, 2006

1 Min Read
ITPro Today logo in a gray background | ITPro Today

With pressure from the security community mounting, Microsoft might issue an early patch for a recently discovered flaw in Internet Explorer (IE) 6. The software company had originally expected to patch the flaw in IE's Vector Markup Language (VML) rendering component on October 10, Microsoft's next regularly scheduled security update release day.

There's just one problem: Attackers have already exploited the flaw. Over the weekend, an attack was disseminated through Web hosting providers by using another flaw in software that many such providers use. For now, Microsoft says that actual attacks are "limited" and aren't "dramatic and widespread," as some news accounts have alleged.

Regardless, Microsoft intends to ship its patch as soon as it's ready. " We have been working non-stop on an update to help protect from this vulnerability," Microsoft Security Response Center Operations Manager Scott Deacon wrote in a corporate blog Friday. "We've made some progress in our testing pass for the update and are now evaluating releasing this outside the monthly cycle, as we do any time customers are under threat and we believe we can issue an update that meets our quality bar for widespread deployment. So right now we're looking at where we hit that quality bar, and if that occurs prior to the monthly cycle, then we will release [a patch]."

Given the schedule Deacon alluded to in the blog, Microsoft could release an update at any time. In the meantime, for more information about the vulnerability and a list of workarounds for the flaw, see Microsoft Security Advisory 925568 at the URL below.

   http://www.microsoft.com/technet/security/advisory/925568.mspx

Read more about:

Microsoft

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like