Evolution of the VML flaw

Since the beginning of 2006, IE and other Web applications have certainly received their share of time in the patching spotlight. Almost like clockwork, Microsoft's monthly patch release features a fix for their Web browser or some other Internet-based vulnerability. September saw a VML flaw take on a life of its own and Microsoft actually released an uncharacteristic out-of-cycle patch for the problem. But what about Web applications makes them so dangerous that they receive such special attention? Prepare for the next time a vulnerability arises in your Web applications by checking out this series of Web security tips and guides.

Evolution of the September VML flaw

Just days after Patch Tuesday, Microsoft announced a new Internet Explorer flaw that could potentially allow attackers to crash or take control of a system. The high danger level of the flaw, which affects vector markup language, caused the company to release an out-of-cycle fix for the vulnerability this past week. While the release marked only the second time this year Microsoft has made a patch available outside of Patch Tuesday,...

it is hardly the first circumstance of a patch emergency involving Web applications such as Internet Explorer.

Early recommendations suggested that IT admins mitigate the flaw by only allowing trusted Web sites to run ActiveX controls until a formal patch was issued later. Microsoft originally planned to release a fix this upcoming Patch Tuesday (October 10th). However, attacks against the flaw continued to grow and Microsoft was forced to release the out-of-cycle patch earlier this week.

Prepare yourself for Web vulnerabilities

Since the beginning of 2006, IE and other Web applications have certainly received their share of time in the patching spotlight. In fact, the only other out-of-cycle patch release from Microsoft this year dealt with an exploit targeting Windows Metafile Format files that users accessed in Internet Explorer. So what about Web applications makes them so dangerous that they receive such special attention? Prepare for the next time a vulnerability arises in your Web applications by checking out this series of Web security tips and guides.


Web vulnerability defense
Tip 1: Web Browser Security Learning Guide
Tip 2: Security risks in IE 6
Tip 3: Understanding IPsec identity and authentication options
Tip 4: Adjusting security settings in Internet Explorer 6.0
Tip 5: Step-by-Step Guide: Securing Web servers
Tip 6: Running Web Applications in ISA Server
Tip 7: Upgrading and patching Firefox
This was first published in September 2006

Dig deeper on Microsoft Internet Explorer (IE)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close