Microsoft Releases Emergency Patch

Microsoft usually releases patches on the 2nd Tuesday of each month. However, there have been so many problems with the unpatched VML hole that Microsoft has departed from that patch release pattern. Today, they released patches to fix that vulnerability.

Microsoft released an email statement about the early patch release:

“Microsoft released security update MS06-055, outside of the regular monthly update release schedule, to help protect customers from exploitation of a publicly known vulnerability in the Windows operating system, in response to malicious and criminal attacks on computer users that were recently discovered.

MS06-055 addresses a vulnerability in Vector Markup Language rendering, a component of Windows, and has a maximum severity rating of Critical. The update addresses a vulnerability that could allow an attacker to take complete control of a system remotely.>Microsoft originally planned to release the update on Tuesday, October 10, 2006 as part of its regular monthly release of security bulletins. However, Microsoft is aware of the existence of a public attack utilizing the vulnerability. Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers. >

Microsoft’s monitoring of attack data continues to indicate that the attacks and customer impact is limited, however Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary. Microsoft continues to encourage all customers to download MS06-055 immediately to protect themselves from current exploitation.”

Thanks to Paul at InfoWorld Tech for keeping on top of things!