[ news_security_news ]
Microsoft Releases VML Patch
David Utter
Staff Writer
2006-09-26
 Insider Reports RSS Feed
A rare out-of-band patch release began hitting Windows PCs last night and today, as Microsoft responded to reports of widening attacks against the Internet Explorer VML flaw and the arrival of an unofficial patch by third-party security researchers at ZERT for the problem.
Users of IE will not have to wait until the regularly scheduled October 10th "Patch Tuesday" updates to receive an official fix for the VML flaw that was revealed a week ago.
Automatic Updates, Microsoft Update, and Windows Update should have begun picking up the patch already, according to Microsoft's Craig Gehre, who blogged about the rollout of the update.
Scott Deacon also posted about the patch, and provided this advisory to those who used other workarounds to the VML problem:
One thing to note, we recommend that you undo any of the previously recommended workarounds involving VGX.DLL before applying this update. Information on how to undo those workarounds is detailed in the bulletin. This is very important because if you do not revoke the VGX.DLL changes, the update could fail to install or deploy.
Microsoft also rereleased the fix for issue MS06-049M again. That fix corrected a problem with "a niche issue involving data corruption in combination with NTFS compression for Windows 2000 customers," wrote Deacon. "The original update protected against the vulnerability, but we wanted to make sure we were addre"ssing the compression issue for customers.
---
Tags: Microsoft, VML
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Bookmark SecurityProNews - 
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
