By Robert McMillan
IDG News Service

With attackers finding new ways to exploit a critical flaw in Internet
Explorer, Microsoft has released a patch for the problem, ahead of its
next scheduled round of security updates.

The patch fixes a critical vulnerability in the way Internet Explorer
renders Vector Markup Language (VML) graphics. Hackers had been
exploiting the flaw, which also affects some versions of Outlook, for
more than a week, and in recent days malicious activity had been on the

The out-of-cycle release is unusual, but not unprecedented.
Microsoft generally releases its security updates on the second Tuesday
of every month, giving system administrators a predictable way to set
aside time to test the new software. Occasionally, the company will
release patches ahead of time if a flaw is being widely exploited by
attackers. In January it patched a critical flaw in the Microsoft
Windows Metafile (WMF) image-rendering engine after it became a

With attack code that works on the latest version of Windows XP now
publicly available, the VML bug is shaping up as a very serious concern
for administrators, said Ken Dunham, the director of Verisign's iDefense
Rapid Response Team. VML attacks have now "dwarfed the WMF activity in
the same period of time compared to last year," he said.

By Tuesday, more than 3,000 Web sites were already infecting users with
malware that exploited the VML bug, according to Dunham. One week into
the WMF outbreak last January, iDefense saw about 600 sites exploiting

Security experts also warn that there are many variants of the VML
malware, some of which may be missed by security software. Researchers
at iDefense are now looking at a dozen possible variations of the VML
exploit code and have confirmed the existence of seven variants, Dunham
said. "With WMF there wasn't nearly as much modification. We see a lot
of different permutations and obfuscation techniques being utilized with

A group of security researchers released a patch for the VML flaw late
last week, independent of Microsoft, but criminals have even found a way
to exploit the fix.

In the past few days they have been circulating phony e-mails, claiming
to be a patch for the VML problem. If downloaded, this fake patch
actually installs malicious software on the victim's system, Dunham

Microsoft's next regularly scheduled security updates will be released

All contents copyright 1995-2006 Network World, Inc.