Microsoft breaks schedule for early IE patch

A serious flaw in VML -- and pressure from the security industry -- resulted in an out-of-cycle patch from Microsoft.

Microsoft bypassed its monthly Patch Tuesday schedule this week to release a fix for a flaw in the Vector Markup Language (VML) that the SANS Internet Storm Center and other virus watchdogs flagged as unusually dangerous.

A Microsoft spokesperson said the company moved up the Oct. 10 release date to head off an exploit that takes advantage of how recent versions of Internet Explorer and Outlook handle malformed VML tags. One particular malformation can cause a buffer overflow and allow arbitrary code to run on the machine affected.

Details of the flaw and the patch procedure are available.

To read the original version of this story, visit SearchSecurity.com.

Dig deeper on Threat management and prevention

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close