Wednesday, July 29, 2009

Microsoft rushes patches to fix 'big deal' programming flaw

Developers who used the buggy code 'library' must redo software, update customers

By Gregg Keizer, ComputerWorld
As promised, Microsoft Corp. today patched six vulnerabilities in Internet Explorer and Visual Studio with the first "out-of-cycle" update since last October, when it plugged a hole that the Conficker worm later used to run rampant.

Microsoft has been working on the Visual Studio bugs, and coordinating with third-party developers who may have crafted vulnerable software using Visual Studio, since early 2008.

As some had speculated, Microsoft rushed the patches to users this week to preempt a presentation slated for tomorrow at Black Hat by several security researchers. The researchers plan to demonstrate a way for attackers to bypass the "kill-bit" defenses that Microsoft frequently deploys as a stop-gap measure for fixing bugs.


~Sandy G.


Kristin said...

Thank you so much for following my blog! You have a lot going on over here.

SANDY G. said...

Hi Kristin. You're very welcome!