Get this fix right away: Microsoft released an unusual out-of-cycle patch yesterday for the latest zero-day hole in Internet Explorer 6 that can hit fully patched systems (up until yesterday) with a drive-by-download.

The threat involves images in a little-used Microsoft format called VML, for vector markup language. Microsoft had originally said it would release a patch on its next scheduled update day, Oct. 10. But my colleague Robert McMillan at the IDG news service reported that there are already thousands of Web sites exploiting this VML graphics bug. So to their credit, Microsoft moved more quickly than they originally stated. The ongoing attacks against the similar similar WMF hole from January likely played a part.

Redmond is distributing the fix via Automatic Updates. I installed the patch on my computers last night as I got the notice (I have updates set to download automatically but wait for my ok to install). You should also be able to run Windows Update manually to get it.

This entry was posted on Thursday, September 28th, 2006 at 10:58 pm and is filed under Linux/Open Source [t], Microsoft Network [t]. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.