Mounting problem forces software giant to release VML patch ahead of its monthly security update.
With attackers finding new ways to exploit a critical flaw in Internet Explorer, Microsoft today released a patch for the problem, ahead of its next scheduled round of security updates.
The patch fixes a critical vulnerability in the way Internet Explorer renders VML (Vector Markup Language) graphics. Hackers had been exploiting the flaw, which also affects some versions of Outlook, for more than a week, and in recent days malicious activity had been on the upswing. Microsoft Security Bulletin MS06-055 discusses the problem and the patch. The out-of-cycle release is unusual, but not unprecedented.
Microsoft generally releases its security updates on the second Tuesday of every month, giving system administrators a predictable way to set aside time to test the new software. Occasionally, the company will release patches ahead of time if a flaw is being widely exploited by attackers. In January, it patched a critical flaw in the Microsoft Windows Metafile (WMF) image-rendering engine after it became a widespread problem.
Users can download the fix over here: http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx