Microsoft Patches VML Flaw Before TimeInternet Explorer has a VML (Vector Markup Language) flaw, which hackers are trying to exploit by innovative techniques. However, Microsoft has designed and released a befitting patch on September 26, 2006 well before its planned date. The patch asserts to plug the loophole. The attackers have been continuously exploiting the flaw for over a week resulting in a considerable growth of malware activity. The early release of the patch indicates the crucial nature of flaw. Describing the flaw, the 'MS06-055 Security Bulletin' from Microsoft said that a successful hacker exploiting this vulnerability could gain complete command on the affected system. He could then install programs; view, alter or remove data; or create fresh accounts with full user rights. Microsoft usually releases security updates on second Tuesday of every month to give system administrators enough time for testing the new software. But if a loophole is critical that is exploited widely and rapidly, then the company releases patches before the scheduled date. Just a few days before the release of the patch, Scott Deacon of Microsoft said on his 'blog' that attacks are normally limited. This is based on their accumulated data. But there was some confusion that somehow attacks are sudden and widespread. So Microsoft is looking where it failed in quality and if that happens before the monthly cycle, it will release the fixes. Over 3,000 sites are reported to have infected computers with malware by exploiting the VML flaw. This has exceeded the attacks caused by WMF (Windows Metafile) vulnerability in January, when 6,000 websites reported to exploit the flaw. As per Ken Dunham of iDefense, experts have warned that the security patch may not have addressed other kinds of VML malware. Unlike VMF with which there weren't many modifications, the VML attacks have used techniques with different permutations and combinations. Before Microsoft released its VML patch, a group of independent security experts released a VML patch but hackers were able to manipulate that fix. Besides, e-mails too were seen distributing a fake patch to tackle the VML flaw but when downloaded, it installed malware on the recipient's personal computer. Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails ยป SPAMfighter News - 10/4/2006 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
