As expected, Microsoft has issued a patch two weeks early to plug a security hole that has been exploited by cybercriminals
Microsoft issued a "critical" security fix for Windows on Tuesday, two weeks before its scheduled release date.
The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs via Internet Explorer. Malicious software can be loaded, without the user's knowledge, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or in an email message.
"An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML email that could potentially allow remote code execution if a user visited the Web page or viewed the message," Microsoft said in security bulletin MS06-055. Email messages that use HTML, or HyperText Markup Language, look like a Web page.
The vulnerability does not apply to IE 7, the upcoming version of IE that is available right now in a pre-release form, Microsoft said.
Microsoft typically releases fixes on each second Tuesday of the month, which has become known as Patch Tuesday. The last time the software maker rushed out a fix was in January, when another image-related flaw in IE was being used to compromise Windows PCs through malicious Web sites.
View: Full Article @ ZDNet
Microsoft issued a "critical" security fix for Windows on Tuesday, two weeks before its scheduled release date.
The company is breaking with its monthly patch cycle to fix a flaw that cybercrooks have been using to attack Windows PCs via Internet Explorer. Malicious software can be loaded, without the user's knowledge, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or in an email message.
"An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML email that could potentially allow remote code execution if a user visited the Web page or viewed the message," Microsoft said in security bulletin MS06-055. Email messages that use HTML, or HyperText Markup Language, look like a Web page.
The vulnerability does not apply to IE 7, the upcoming version of IE that is available right now in a pre-release form, Microsoft said.
Microsoft typically releases fixes on each second Tuesday of the month, which has become known as Patch Tuesday. The last time the software maker rushed out a fix was in January, when another image-related flaw in IE was being used to compromise Windows PCs through malicious Web sites.
View: Full Article @ ZDNet
Where's the Cybermuggers and cybertheifs?
BTW, all the "cybertheifs" are off running their cyberspellcheckers so they can be properly labeled "cyberthieves."
Microsoft + ready fix + now = good
exactly, how many times have they had to patch the patches when they didn't rush?
"Installing update (1 of 1).."
then
"Please do not reboot and turn off your PC; machine will be restarted automatically"
(Or something along those lines).
I had to press the reset button to get it to reboot.
Again, nothing was recorded on Event Viewer.
Edit: Because I'm using Ie7 beta - d'oh!
Last edited by shirike on 27 Sep 2006 - 17:31
The patch was released Tuesday, and the news posted Wednesday. That's, like, ummm..., the next day or something.
"Old news", indeed!
Just to get a headline when it push the patch out earlier?
The excuse of "stable schedule" does not hold water. It was as stable as they wanted it before. Now it is a matter of waiting.
Yeah, and we all know how stupid most corporations are when it comes to planning and actually doing it! What difference does it make whatsoever, what day the patches are rolled out. They come out Tuesday, some corporation decides that Thursdays are their updates, and poof, it's done on Thursday. Not to tough! That excuse is about as lame as it can get!
Meanwhile, Firefox 2.0 hit RC1 today.
Coincidence?
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.