Last week I talked about a new exploit that was identified in Internet Explorer. The source of the problem was a bug in the Vector Markup Language. In non-geek terms it is the way that some graphics are handled in IE.

For those that have automatic updates turned on you would have seen a critical update come in. I hope you downloaded and installed it as this was the patch to fix this problem. Microsoft only breaks the Patch Tuesday regular updates when a security problem is deemed critical. That is there is a possibility of a large number of users to be affected. It would seem that was about to happen.

Interestingly, a third party non-genuine Microsoft company had already released a patch for the security bug. Zero day Emergency Response Team or ZERT, released their patch just days before Microsoft released the official version. It is believed that this placed extra pressure on Microsoft to come good and release a patch early. My question is that is a third party group can come up with a patch in under a week then why can’t Microsoft? But they can release a patch that addresses the ability to subvert their own WMA DRM security within days of hearing about it!

So heads up people and remember to update if you have not already!

This entry was posted on Thursday, September 28th, 2006 at 10:11 pm and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.