If you have been using Windows for the last few years, you know that Microsoft typically releases all of its security-related updates on the second Tuesday of each month. This one is unusual in that they are releasing the update two weeks early and will not go into a lot of detail about the exploit prior to the release of the fix.
The advance notification for this out-of-band update is here – Read the advance notification for the upcoming out-of-band security bulletins.
This update is for two programs:
- Internet Explorer, for which the update is considered Critical and involves remote code execution.
- Visual Studio, which also involves remote code execution; however, the rating is Moderate.
The notification I received from the Microsoft Security Response Center Team blog site has this statement in it:
While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported.
Customers who are up to date on their security updates are protected from known attacks related to this Out of Band release.
That last line should alleviate some concerns if you're up to date with your system-wide security updates from Microsoft. The last batch of updates was released earlier this month, as I discussed in my Microsoft Security Bulletin Advance Notice for July 2009, which covered the 14 July monthly updates.
It just goes to show that if you keep your system up to date, you are much less likely to suffer from these exploits.
Stay safe out there and up to date!