No replies to this topic

[Nvyseal]

The Internet Explorer patch was released early because Microsoft was concerned of the critical risk to users. The vulnerability involves the way that the browser handles Vector Markup Language (VML) graphics. Malicious hackers can exploit the flaw by creating a Web page that can download spyware or keyloggers onto a user's system.

Although Microsoft usually releases its bug patches once a month, the company has done an out-of-cycle fix for a critical Internet Explorer flaw. Microsoft has noted that it released the patch early because it was concerned of the risk to users.

Discovered by Sunbelt Software, the vulnerability involves the way that the browser handles Vector Markup Language (VML) graphics. Malicious hackers can exploit the flaw by creating a Web page that can download spyware or keyloggers onto a user's system.

In its security bulletin, Microsoft notes that the vulnerability can also be exploited through an HTML e-mail, which when opened could potentially lead to remote code execution.

In a security Relevant Products/Services from MessageLabs blog posting, the company noted that the bug "affected many different platforms in many scenarios that are considered by customers to be common usage."

Although it seems there is potential for harm, Microsoft noted that the actual number of attacks was low. The company points out that the vulnerability does not apply to IE 7, the version that is currently in pre-release form.

Source NewsFactor

Nice to know IE7 is safe to use