Special News Coverage

Evolution of the VML flaw

Evolution of the September VML flaw

Just days after Patch Tuesday, Microsoft announced a new Internet Explorer flaw that could potentially allow attackers to crash or take control of a system. The high danger level of the flaw, which affects vector markup language, caused the company to release an out-of-cycle fix for the vulnerability this past week. While the release marked only the second time this year Microsoft has made a patch available outside of Patch Tuesday, it is hardly the first circumstance of a patch emergency involving Web applications such as Internet Explorer.

Early recommendations suggested that IT admins mitigate the flaw by only allowing trusted Web sites to run ActiveX controls until a formal patch was issued later. Microsoft originally planned to release a fix this upcoming Patch Tuesday (October 10th). However, attacks against the flaw continued to grow and Microsoft was forced to release the out-of-cycle patch earlier this week.

Prepare yourself for Web vulnerabilities

Since the beginning of 2006, IE and other Web applications have certainly received their share of time in the patching spotlight. In fact, the only other out-of-cycle patch release from Microsoft this year dealt with an exploit targeting Windows Metafile Format files that users accessed in Internet Explorer. So what about Web applications makes them so dangerous that they receive such special attention? Prepare for the next time a vulnerability arises in your Web applications by checking out this series of Web security tips and guides.

Web vulnerability defense
Tip 1: Web Browser Security Learning Guide
Tip 2: Security risks in IE 6
Tip 3: Understanding IPsec identity and authentication options
Tip 4: Adjusting security settings in Internet Explorer 6.0
Tip 5: Step-by-Step Guide: Securing Web servers
Tip 6: Running Web Applications in ISA Server
Tip 7: Upgrading and patching Firefox

This was first published in September 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: