Microsoft rushes out VML patch

by admin September 27, 2006 at 5:32 pm

Widespread exploits force out-of-cycle update

Microsoft has released a one-off update that repairs an actively exploited vulnerability in the Vector Markup Language component of Windows.

The flaw could allow an attacker to take control of a system through a specially crafted website, or by sending out spam email messages.

Microsoft originally planned to release the patch on 10 October, as part of its monthly patch release cycle. The vendor issues ‘out-of-band’ updates in rare cases if it helps to halt active attacks.

The VML vulnerability surfaced last week when a small group of websites in Russia started exploiting the unpatched vulnerability.

Read more: