Microsoft rushes out VML patch
Widespread exploits force out-of-cycle update
Microsoft has released a one-off update that repairs an actively exploited vulnerability in the Vector Markup Language component of Windows.
The flaw could allow an attacker to take control of a system through a specially crafted website, or by sending out spam email messages.
Microsoft originally planned to release the patch on 10 October, as part of its monthly patch release cycle. The vendor issues ‘out-of-band’ updates in rare cases if it helps to halt active attacks.
The VML vulnerability surfaced last week when a small group of websites in Russia started exploiting the unpatched vulnerability.
Read more: vnunet.com