News

Microsoft Releases Fix for VML Exploit

By Nate Mook | Published September 26, 2006, 3:47 PM

In what could be the quickest patch ever to be released by Microsoft, the company on Tuesday publicly issued a fix for the highly-publicized Vector Markup Language (VML) vulnerability affecting Office and Internet Explorer that surfaced last week and was being actively exploited by numerous attacks.

The exploits prompted two security firms to issue unofficial patches for the problem, and Microsoft promised on Friday to rush out out a fix. The company traditionally waits until its monthly Patch Tuesday to release updates, but it has issued out-of-cycle patches in the past when customers were at risk. Users can download the patch now from Windows Update.

Comments

prndll
Sep 27, 2006 - 11:03 PM

I wonder how many vulnerabilities will be created from this "fix"???????

I also wonder if this is a real fix???????

Score: 0

|
Post Reply
Frostek
Sep 27, 2006 - 5:30 PM

I'm sure it wasn't rushed out of the door what with all that publicity from a 3rd party patching their OS quicker than they could... :-)

Score: 0

|
Post Reply
mjm01010101
Sep 27, 2006 - 6:38 AM

No reboot. I'm not mad at MS anymore. :)

Score: 0

|
Post Reply
PC Rat
Sep 27, 2006 - 9:32 AM

...

"No reboot"

...

Yeah.

For the first while, most updates didn't require
a reboot.

But lately ALL updates have.

Maybe Microsoft has turned over a new leaf.

Nah !

...

The Computer Rodent

...

Score: 0

|
Post Reply
spiked
Sep 27, 2006 - 5:35 PM

It does require a reboot if VGX.DLL is loaded at the time of install. This DLL would only be loaded if you were browsing a page containing VML in IE (or any app using embedded IE) but since the Automatic Updates client tells people that they "can continue to work" during installation, there will be some people who get prompted to reboot.

Every update which requires a reboot does so for a reason. You don't often hear the reasons because they are too technical or uninteresting to the majority of Microsoft's 800 million users worldwide (keeping in mind that it only takes 400 million+1 to represent a majority).

Score: 0

|
Post Reply
PC Rat
Sep 27, 2006 - 2:59 AM

...

"Nice move Microsoft!
Fast!"

...

It's great seeing Microsoft being responsive
to their customer's needs for a change.

If this keeps up, Microsoft could reverse it's
negative puiblic image !

...

The Computer Rodent

...

Score: 0

|
Post Reply
Mike162005
Sep 26, 2006 - 7:01 PM

Got mine from Automatic updates today. Nice move Microsoft! Fast!

Score: 0

|
Post Reply

Silverlight 3 goes live on Microsoft's servers

Microsoft's answer to Adobe's Flash is (unofficially) here, with prospects of higher-speed, higher-resolution video and for the first time, 3D.

Three Android phones on the way from T-Mobile in 2009

T-Mobile's myTouch 3G, launched Wednesday, will be followed by two more Android phones later this year, but neither of them will be HTC's Hero.

Best Buy-brand TVs to get TiVo

A new alliance will place the retailer's own brand alongide the manufacturers, and could also lead to future partnerships on services.

LTE still lacks a voice

The 4G Wireless standard that Verizon hopes to show off before this year is out is still at a loss for (spoken) words.

Data sharing among online advertisers: Is sanity in sight?

Lockdown with Angela Gunn In the middle of a 15-page plea not to get regulated, a spark of smart thinking.

T-Mobile's strategy to combat Apple's iPhone with Android

With a trio of Android phones now in the pipeline for 2009, T-Mobile hopes to break the iPhone's emerging stranglehold.

EC's Reding: Government should act as broker for media downloads

If Internet media services don't step up and build an attractive way for users to start paying for downloads, a commissioner says, government may do the job instead.

Sony TVs get Netflix, still no PS3

Though it's coming in behind LG, Samsung, and Microsoft, Sony will begin to offer Netflix streaming, too.

Google Chrome OS: Too little, too early

Carmi Levy: Wide Angle Zoom Don't start the revolution just yet, says Carmi, who isn't so certain Chrome OS will be the "Windows Killer."

GAO pen test brings the hammer down on federal rent-a-cops

But are the computers to blame for the contract-guard fiasco at FPS?

What's Next: Chrome OS will have at least some friends in high places

Also: South Korea takes another round of DDoS abuse, and Neelie Kroes and Steve Ballmer may shake hands before she exits stage left.

Report: Evidence of further creativity with Windows 7 upgrade prices

A ZDNet blogger did some serious digging for clues as to a reported price break on multiple Windows 7 Home Premium licenses, and may have found it.

LimeWire for Windows 5.2.5 Beta

July 9 - 6:47 PM ET

Vuze for Windows 4.2.0.4

July 9 - 6:26 PM ET

UltraVNC 1.0.6.4

July 9 - 6:05 PM ET

WildBit Viewer 5.5 Beta 3.0

July 9 - 5:44 PM ET

Bvckup 1.0.0.239 Beta

July 9 - 5:30 PM ET

Microsoft Silverlight for Windows 3.0.40624.0

July 9 - 3:16 PM ET

AOL for Windows 9.5 Refresh Beta 11 (0.4337.74.1)

July 9 - 2:32 PM ET