Faster than a speeding bullet: Microsoft patches V (Score 1)

When it comes to writing about Microsoft's security vulnerabilities, I never know what type of feedback to expect in the discussion. Sometimes the response is loud and clear: we know what we're doing, so we'll happily wait for the patch. Other times, it's the exact opposite: Microsoft better do something quick. And when it came to the Zeroday Emergency Response Team (ZERT) taking the initiative to repair Internet Explorer's Vector Markup Language (VML) vulnerability, I wasn't let down--the majority sentiment surprisingly echoed MrCatbert's initial comment: "Go Zert!"

While it's quite possible that many of you decided to install ZERT's fix, I decided to wait for Microsoft's patch, especially because it was supposed to arrive before the October 10 deadline. Now, the company has not only released the patch early, but it appears to have bested the previous company record of an 8-day turnaround on a vulnerability. Starting on September 19, the VML bug took seven days to fix. Microsoft's Scott Deacon attributes the breakneck turnaround time to teamwork, saying via the MSRC blog, "Through some really top notch effort by all our testing teams, we were able to reach our quality bar far sooner than we originally anticipated. Yesterday we really became confident in our final checklists that we could release it and so we have done so."

The security bulletin for the new fix is MS06-055. If you've modified VGX.DLL in order to protect your system from possible exploits, Microsoft's advises that you undo the change before applying MS06-055. Otherwise, the patch may not work. In other security news, Microsoft's Craig Gehre has announced that MS06-049 has been re-released.