update your Microsoft

Posted: September 26, 2006 10:37 pm by rooty
Filed under: safe_data

Next in an on-going series of Internet Explorer vulnerabilities… Microsoft has acknowledged a vulnerability in IE’s handling of VML (Vector Markup Language). As the Outlook email client uses IE to render html email messages, the hacker world has already created a “WebAttacker” toolkit, to exploit this weakness. There is a good writeup on Internetnews.com

If you don’t care to wait for Microsoft to release the next patch, you can find simple instructions on “un-registering” the vgx.dll via a posting on Sunbelt’s Blog (Sunbelt Software discovered the exploit).

In the meantime, you shouldn’t really use “preview” mode anyway, this is exactly the kind of “got-cha” that you don’t even have to open the email.

Update 20060926 - Looks like Microsoft has updated the Security Notes (I received automatic updates as well) :
http://www.microsoft.com/technet/security/advisory/925568.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx

Be sure to check for available updates from microsoft, on your computers.

/;^)

Add your comments

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word