by Brian Sheinberg July 28, 2009
Tuesday, for the first time this year, Microsoft released out-of-band patches to repair what it considers critical vulnerabilities in the Internet Explorer Web browser. To assist IT professionals from being overwhelmed by the testing and deployment of security fixes, Microsoft had implemented a system of releasing patches once a month to facilitate better planning. Only when it feels a flaw is critical -- meaning it can be exploited remotely, without user intervention -- does the company issue what it calls an out-of-band release. In this case, users can open themselves up to an attack by simply viewing a malicious Web page. While Microsoft lists the various versions of Internet Explorer, running on specific operating systems, it is clearly safe to say that anyone using any version of the Web browser on versions of Windows 2000 or later, is vulnerable. Additionally, patches are being released for holes in the Visual Studio Active Template Library (ATL). A company spokesman stated that users who are up-to-date with patches are protected against these flaws, which leads us to ask, why release these critical updates? From what we can tell, the answer might be what Microsoft is calling a new defense-in-depth technology.
Read more here -->Link
No comments:
Post a Comment