Microsoft Might Patch IE Early
With pressure from the security community mounting, Microsoft might issue an early patch for a recently discovered flaw in Internet Explorer (IE) 6. The software company had originally expected to patch the flaw in IE's Vector Markup Language (VML) rendering component on October 10, Microsoft's next regularly scheduled security update release day.
There's just one problem: Attackers have already exploited the flaw. Over the weekend an attack was disseminated through Web hosting providers by using another flaw in software that many such providers use. For now, Microsoft says that actual attacks are limited and aren't dramatic and widespread as some news accounts have alleged.
Regardless, Microsoft intends to ship its patch as soon as it's ready. We have been working non-stop on an update to help protect from this vulnerability Microsoft Security Response Center Operations Manager, Scott Deacon wrote in a corporate blog Friday. We've made some progress in our testing pass for the update and are now evaluating releasing this outside the monthly cycle as we do any time customers are under threat and we believe we can issue an update that meets our quality bar for widespread deployment. So right now, we're looking at where we hit that quality bar and if that occurs prior to the monthly cycle then we will release a patch.
Given the schedule, Deacon alluded to in the blog Microsoft could release an update at any time In the meantime for more information about the vulnerability and a list of workarounds for the flaw see Microsoft Security Advisory.