Information Security / Items

Microsoft to ship emergency IE, Visual Studio patches | Zero Day | ZDNet.com

Get Feed

Description: Less than a month after a first pass at patching a troublesome flaw affecting its dominant Internet Explorer browser, Microsoft has announced plans to release two emergency updates with a comprehensive fix for the problem.

The unusual move comes on the heels of a bombshell blog post by reverse engineering specialist Halvar Flake that the original IE kill-bit fix was “insufficient” and that Microsoft “might have accidentally introduced security vulnerabilities into third-party products.”

Microsoft declined to discuss specifics of the emergency patches until tomorrow (July 28, 2009) but a source tells me that it is directly linked to the Microsoft Video ActiveX Control (msvidctl.dll) issue that was being exploited in the wild.

Original URL: http://blogs.zdnet.com/security/?p=3803&tag=nl.e019

http://blogs.zdnet.com/security/?p=3803&tag=nl.e019

Report This

Twine is about discovering, collecting and sharing the content that interests you. Learn More

Join Twine

JDP

JDP

HTML Tag	Attributes
<a href="URL"><a href="#">link</a></a>	'href', 'target', 'rel'
<strong>strong</strong>
<b>bold</b>
<blockquote> blockquote </blockquote>
<em>emphasis</em>
<i>italic</i>
<img src="URL">	'src', 'width', 'height', 'alt', 'title'
<u>underlined</u>
<s>~~strike~~</s>
<del>~~deleted~~</del>