Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Patches VML Vulnerability

Posted by ryuzaki0 on from the not-a-moment-too-soon dept.

Uncle Rummy writes, "Microsoft has quietly released an official patch for the zero-day VML vulnerability. The patch was publicly available yesterday, But Microsoft has just added it to the Security Bulletin Index." Eight days from time of first report to patch is pretty fast for Microsoft, and is almost two weeks ahead of their normal patch schedule. This security flaw was being aggressively exploited out in the wild.

4 of 130 comments (clear)

  1. Not a bad turnaround by dynemo · · Score: 2, Interesting

    Sometimes, I feel like security researchers are intentionally disclosing their new vulnerability information as close to the "Patch Tuesday" as possible in an attempt to force Microsoft to release an out of cycle patch. This time they were successful.

    --
    "Give up hope, dreams are for suckers."
  2. Re:XP SP2 problems by Christopher_G_Lewis · · Score: 1, Interesting

    Why oh why in the world do you still have machines at SP1?

    What's the name of your organization. I'd like to make sure I don't have any of your stock.

    --
    www.christopherlewis.com
  3. Re:XP SP2 problems by plague3106 · · Score: 1, Interesting

    SP1 isn't supported anymore, so I don't know why you're still running it. At any rate, I would install SP2 before going off to install other patches anyway...

  4. Re:Not an issue for some by hal2814 · · Score: 1, Interesting

    "The "integration into the OS" is that Internet Explorer is tied to Explorer, the Windows Shell."

    Which is part of the window manager which according to this image from microsoft.com has been run in kernel mode since NT 4.0 (Article ref). If that weren't the case, then Explorer could not hang the window manager (which it sometimes does).