> This is something that we need to be aware of.
> Microsoft to Rush out Emergency IE Patch (PC World)
> Published Sat, 25 Jul 2009 03:30:11 GMT
> PC World - Microsoft is taking the unusual step of rushing out two
> security patches ahead of its regularly scheduled updates on Aug.
> Yahoo! News
> Microsoft is taking the unusual step of rushing out two emergency
> patches ahead of its regularly scheduled updates on Aug. 11.
> The patches will include a critical fix for Internet Explorer as
well as a
> related Visual Studio patch rated "moderate" urgency by Microsoft.
> "The Internet Explorer bulletin will provide defense-in-depth
> Internet Explorer to help provide additional protections for the
> by the Visual Studio bulletin," Microsoft said in a late Friday.
> The patches are set to be released on Tuesday at 10:00 a.m. West
> Microsoft didn't say exactly what it was fixing. The company
> doesn't rush out these "out-of-band" emergency updates unless the
> being exploited
> by cyber criminals; however, in this case the flaws being patched
> being leveraged in attacks, according to Microsoft.
> The problem appears to lie in a widely used Windows component
> Active Template Library (ATL). to security researcher Halvar
> flaw is
> also to blame for an ActiveX bug that Microsoft identified earlier
> month. Microsoft issued a kill-bit patch for the problem on July
> looking into the bug, Flake determined that the patch didn't fix
> underlying vulnerability, so new attacks are possible.
> Whatever the issue, the new patch should be a top priority for IT
> week. "When Microsoft goes to an out-of-band patch, I think it's
> people to apply it," said Roger Thompson, chief research officer
> Microsoft didn't give a reason for the rushed update but it may be
> stay ahead of any public disclosure at next week's Black Hat
> in Las Vegas. The emergency updates are set to be released the day
> the Black Hat Briefings, where researchers Mark Dowd, Ryan Smith
> According to security experts, thousands of Web sites have been
> launch on-line attacks that exploit the ActiveX vulnerability
> July. The
> flaw was first reported to Microsoft more than a year ago.
__________ Information from ESET NOD32 Antivirus, version of virus
signature database 4280 (20090726) __________
The message was checked by ESET NOD32 Antivirus.