> This is something that we need to be aware of.
> Microsoft to Rush out Emergency IE Patch (PC World)
> Published Sat, 25 Jul 2009 03:30:11 GMT
> PC World - Microsoft is taking the unusual step of rushing out two
> emergency security patches ahead of its regularly scheduled updates
> on Aug. 11.
> Yahoo! News
> The patches will include a critical fix for Internet Explorer as well
> as a related Visual Studio patch rated "moderate" urgency by Microsoft.
> "The Internet Explorer bulletin will provide defense-in-depth changes
> to Internet Explorer to help provide additional protections for the
> issues addressed by the Visual Studio bulletin," Microsoft said in a
> late Friday.
> The patches are set to be released on Tuesday at 10:00 a.m. West coast
> time.
> Microsoft didn't say exactly what it was fixing. The company typically
> doesn't rush out these "out-of-band" emergency updates unless the bug
> is being exploited by cyber criminals; however, in this case the flaws
> being patched are not being leveraged in attacks, according to
> Microsoft.
> The problem appears to lie in a widely used Windows component called
> the Active Template Library (ATL). to security researcher Halvar Flake,
> this flaw is also to blame for an ActiveX bug that Microsoft identified
> earlier this month. Microsoft issued a kill-bit patch for the problem
> on July 14, but after looking into the bug, Flake determined that the
> patch didn't fix the underlying vulnerability, so new attacks are
> possible.
> Whatever the issue, the new patch should be a top priority for IT
> staff next week. "When Microsoft goes to an out-of-band patch, I think
> it's sensible for people to apply it," said Roger Thompson, chief
> research officer with AVG Technologies.
> Microsoft didn't give a reason for the rushed update but it may be
> trying to stay ahead of any public disclosure at next week's Black Hat
> security conference in Las Vegas. The emergency updates are set to be
> released the day before the Black Hat Briefings, where researchers
> Mark Dowd, Ryan Smith and David Dewey
> According to security experts, thousands of Web sites have been used
> to launch on-line attacks that exploit the ActiveX vulnerability
> patched in July. The flaw was first reported to Microsoft more than a
> year ago.
>