Developers who used the buggy code 'library' must redo software, update customers
By Gregg Keizer, ComputerWorld
As promised, Microsoft Corp. today patched six vulnerabilities in Internet Explorer and Visual Studio with the first "out-of-cycle" update since last October, when it plugged a hole that the Conficker worm later used to run rampant.
Microsoft has been working on the Visual Studio bugs, and coordinating with third-party developers who may have crafted vulnerable software using Visual Studio, since early 2008.
As some had speculated, Microsoft rushed the patches to users this week to preempt a presentation slated for tomorrow at Black Hat by several security researchers. The researchers plan to demonstrate a way for attackers to bypass the "kill-bit" defenses that Microsoft frequently deploys as a stop-gap measure for fixing bugs.
FOR COMPLETE STORY, PLEASE CLICK HERE.
~Sandy G.
