Agentless Backup is Not a Myth

Microsoft has broken its normal release schedule to publish a security patch to address a critical vulnerability in Internet Explorer that has become the target of widespread hacking attacks.

A security bug in the Vector Markup Language (VML) component of IE has been used to infect users visiting specific pornographic, or other maliciously constructed, websites. Security firms report the increased prevalence of mass mailing lures that attempts to direct surfers to web sites hosting VML exploit code, using tricks including claims that users have received a Yahoo! Greeting Card.

Meanwhile, Microsoft is assisting the FBI and other law enforcement investigators in tracking down the perpetrators of the attack.

The availability of an official patch from Microsoft comes days after the release of an unofficial patch from a new ad-hoc group of security pros, called the Zeroday Emergency Response Team (ZERT). The availability of an unofficial patch placed extra pressure on Microsoft to produce an official fix, it's tempting to think, though no-one at Redmond is ever likely to admit as much. The official line is that testing on the IE patch was completed ahead of schedule. Microsoft continues to advises users to stay clear of unofficial patches on general principle.

The VML security bug is unrelated to a (still unpatched) flaw in Microsoft's Direct Animation Path (daxctle.ocx) ActiveX control discovered earlier this month. This ActiveX flaw has not become the subject of widespread exploit but still represents a serious security risk. ®

Steps to Take Before Choosing a Business Continuity Partner