« EMC Acquires Network Intelligence | Main | Missing Hardware Anyone? »

A vulnerability associated with the Vector Markup Language (VML) was first discovered around September 19th. It was initially discovered when shady pornography websites were exploited resulting in massive loading of adware. Read CNet's article - Porn Sites exploit new IE flaw. The specifics of the vulnerability concern vgx.dll, a component of the VML subsystem.

Since then, Microsoft has apparently seen enough to warrant breaking its usual practice to push out fixes on its monthly Patch Tuesday. It released a new fix together with the following comment in its security advisory MS06-055
"If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately."

Microsoft doesn't often break its cycle of monthly Patch Tuesdays but it did this time...perhaps in part due to third party pressure. A number of other groups supplied "unofficial" fixes over a week ago that perhaps forced Microsoft to act. In any case, it was the right thing to do.

Posted by andreyee in Alerts/Warnings |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/735