News

Microsoft Releases Fix for VML Exploit

By Nate Mook | Published September 26, 2006, 3:47 PM

In what could be the quickest patch ever to be released by Microsoft, the company on Tuesday publicly issued a fix for the highly-publicized Vector Markup Language (VML) vulnerability affecting Office and Internet Explorer that surfaced last week and was being actively exploited by numerous attacks.

The exploits prompted two security firms to issue unofficial patches for the problem, and Microsoft promised on Friday to rush out out a fix. The company traditionally waits until its monthly Patch Tuesday to release updates, but it has issued out-of-cycle patches in the past when customers were at risk. Users can download the patch now from Windows Update.

Comments

View comments by with a score of at least

prndll
Sep 27, 2006 - 11:03 PM

I wonder how many vulnerabilities will be created from this "fix"???????

I also wonder if this is a real fix???????

Score: 0

|
Post Reply
Frostek
Sep 27, 2006 - 5:30 PM

I'm sure it wasn't rushed out of the door what with all that publicity from a 3rd party patching their OS quicker than they could... :-)

Score: 0

|
Post Reply
mjm01010101
Sep 27, 2006 - 6:38 AM

No reboot. I'm not mad at MS anymore. :)

Score: 0

|
Post Reply
PC Rat
Sep 27, 2006 - 9:32 AM

...

"No reboot"

...

Yeah.

For the first while, most updates didn't require
a reboot.

But lately ALL updates have.

Maybe Microsoft has turned over a new leaf.

Nah !

...

The Computer Rodent

...

Score: 0

|
Post Reply
spiked
Sep 27, 2006 - 5:35 PM

It does require a reboot if VGX.DLL is loaded at the time of install. This DLL would only be loaded if you were browsing a page containing VML in IE (or any app using embedded IE) but since the Automatic Updates client tells people that they "can continue to work" during installation, there will be some people who get prompted to reboot.

Every update which requires a reboot does so for a reason. You don't often hear the reasons because they are too technical or uninteresting to the majority of Microsoft's 800 million users worldwide (keeping in mind that it only takes 400 million+1 to represent a majority).

Score: 0

|
Post Reply
PC Rat
Sep 27, 2006 - 2:59 AM

...

"Nice move Microsoft!
Fast!"

...

It's great seeing Microsoft being responsive
to their customer's needs for a change.

If this keeps up, Microsoft could reverse it's
negative puiblic image !

...

The Computer Rodent

...

Score: 0

|
Post Reply
Mike162005
Sep 26, 2006 - 7:01 PM

Got mine from Automatic updates today. Nice move Microsoft! Fast!

Score: 0

|
Post Reply

Google Chrome 4: Yes, it's fast, but is it usable?

As Betanews readers have responded to our stories about Chrome's JavaScript superiority...Does that mean we'd actually use this browser? Well...

Video: Netflix on PlayStation 3

Netflix has come to the PlayStation 3 via Blu-ray and BD-Live.

Verizon Wireless launches new Android, Chocolate, and ruggedized phones

The lower-priced Eris joins the Droid, while the Chocolate gets a touchscreen and more music playback.

Early sales figures for Windows 7 nicely high, but do we know why?

Fans of triple-digit surges in figures quoted by Betanews will love this one, as it appears Microsoft rediscovered how to pull off a software launch.

Myka announces its latest Linux-based 'net top box'

Myka's ION brings Boxee, XMBC, and much more to HDTVs.

What hath Mac wrought? A remembrance after a quarter-century

The reason there's a Macintosh today is not because of some brilliant flash of engineering genius, but because Apple had the audacity to learn from its mistakes.

Early build of Moblin 2.1 improves connectivity, but not device support

The Linux Foundation's Atom-centric OS yesterday received a major overhaul with the project release of Moblin 2.1 for netbooks and nettops.

The iPhone's China syndrome: Sales of 5,000 and climbing

There's actually a country where Apple's device is not a godsend, where sales can be measured in the dozens.

New European counterpart to FCC will ensure 'a more neutral net'

Late Thursday night, the ruling telecom administrators of the EU's member nations signed away their final authority to a new entity overseen by the EC.

Sophos study suggests Windows 7 UAC's default setting is self-defeating

Without any anti-virus installed, a Sophos test showed, User Account Control was only capable of thwarting just one malware package out of ten samples chosen.

Indiscreet tweet trips awareness of Web SSL vulnerability

A group of high-level security engineers had been making progress on thwarting a low-level threat to the Web, until somebody blurted it all out on Twitter.