Less than a month after a first pass at patching a troublesome flaw affecting its dominant Internet Explorer browser, Microsoft has announced plans to release two emergency updates with a comprehensive fix for the problem.
The unusual move comes on the heels of by reverse engineering specialist Halvar Flake that the original IE kill-bit fix was “insufficient” and that Microsoft “might have accidentally introduced security vulnerabilities into third-party products.”
Microsoft declined to discuss specifics of the emergency patches until (July 28, 2009) according to our source, it is directly linked to the Microsoft Video ActiveX Control (msvidctl.dll) issue that was being exploited in the wild.
READ ABOUT ActiveX Control Here
- One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications.
- The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical.
No comments:
Post a Comment