Yesterday, Microsoft issued a couple of out-of-cycle fixes, addressing a critical vulnerability in versions 5, 6, 7 and 8 of its Internet Explorer (IE) web browser, as well as an important vulnerability in its development tools Visual Studio .NET 2003, 2005 and 2008, and Visual C++ 2005 and 2008.
An exploit of the aforementioned flaws can lead to remote execution of rogue code.
Microsoft’s deviation from its normal practice of issuing these security updates outside its regular schedule of the second Tuesday of each month is a clear indication of how critical and urgently required they are.
Do NOT delay installing them, especially if you are regularly surfing the web using Internet Explorer.
There is speculation that these urgent patches may be related to a presentation at the Black Hat security conference that opened last weekend in Las Vegas. Said presentation focuses on vulnerabilities in the communications between individual browser components.
Presumably the authors found a way to circumvent the so-called kill bit, a mechanism Microsoft had implemented to defuse a multitude of critical security vulnerabilities by disabling the execution of ActiveX controls with known security vulnerabilities in Internet Explorer.
