Microsoft Releases VML Patch Ahead of Schedule
REDMOND, WA — Microsoft isn’t famous for moving quickly, but by its pre-existing standards, it moved at the speed of bandwidth when it released its Vector Markup Language (VML) patch two weeks ahead of schedule.Originally expected on October 10th, the patch repairing a critical flaw in both Internet Explorer and Outlook 2003 has been made available prior to the regularly scheduled monthly update release.
Along with the emergency release, Microsoft announced that it is working with the appropriate authorities in order to find out who encoded the VML exploit, which springs into action when accessed via an infected website’s pages. Porn sites appear to have been the infection source of preference for the hackers.
First discovered by Sunbelt Software, a vulnerability in the browser allows remotely executed code to be activated without the victim knowing it. Upon investigation, Sunbelt Software realized that a similar — and even more accommodating — opening exists in Outlook 2003. While it’s estimated that more than 3,000 websites currently carry the malicious code, all a user of Outlook needs to do is receive an HTML email.
Zeroday Emergency Response Team (ZERT) released the patch first and it can be downloaded from here: http://www.microsoft.com/athome/security/update/bulletins/200609.mspx.