|
ALARM Group ALERT - click for a description of ALARM, The Computing Alert System
Alert Number: 092706-01
Alert Date: 9/27/06
Alert Title: Microsoft releases patch for VML vulnerability
Update-to:
092206-01 "SANS increases infocon level for *UNPATCHED* VML vulnerability in Internet Explorer"
091906-01 "*UNPATCHED* VML vulnerability in Internet Explorer"
OS/Platform/Application: Microsoft Internet Explorer version 5 and later
Category: ALERT
Severity: HIGH
Attention: System Administrators, Desktop Support Personnel, IE users, Microsoft Outlook users |
Summary: On September 26 2006 Microsoft released security bulletin MS06-055. MS06-055 addresses a vulnerability in its Vector Markup Language (VML) component that has been the target of exploit code that was recently released for public consumption. The vendor has released this critical bulletin ahead of its standard (monthly) schedule and is advising that "Customers should apply the update immediately".
Recommended Actions: Persons who manage, maintain or use Windows systems that run IE 5.0 and later and/or Microsoft Outlook are encouraged to read The security bulletin (links provided below) and (if appropriate) apply the updates as soon as possible.
ITS Actions: TS Systems Management and Operations Staff will apply all necessary patches to the appropriate ITS servers as part of the next scheduled system update.
Resources:
Microsoft Security bulletin MS06-055:
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx
