Microsoft announced yesterday that it intends to release an out-of-band update to fix the vulnerability which facilitated security breaches in Google and at least 30 other companies.
“Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability,” said Microsoft GM of Trustworthy Computing Security George Stathakopoulous.
Microsoft’s patches typically come in a wave on the second Tuesday of every month, a day now referred to by many as “Patch Tuesday.” This schedule is largely for enterprise IT administrators which must have time to evaluate all the fixes as a cohesive unit, rather than trying to assess which patch from a random day has thrown a spanner in the works.
“We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update out-of-band update is the right decision at this time,” Stathakopoulous continued.
Microsoft has previously stated that the number of attacks based on the vulnerability are “very limited” in the real world, and that they’re effective only against Internet Explorer 6, which launched in 2001. The firm has nevertheless cautioned users to move to IE 7 or IE 8 which, Microsoft says, aren’t susceptible to the attack in question.
Not so, says security researchers, with at least one developing a proof-of-concept attack that compromises IE 7. Internet Explorer 8 also seems susceptible, according to Vupen Security, though undoubtedly to a lesser degree than its less secure predecessors.
Microsoft will be publishing the expected availability date of a fix to resolve these issues within the day.
Articles RSS