Microsoft intending to release 2 out-of-band vulnerbilities
This is an advance notification of two out-of-band security bulletins that Microsoft is intending to release on July 28, 2009. One bulletin will be for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications. The second bulletin contains defense-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical.
The severity for Internet Explorer patch has been rated as CRITICAL whereas for Visual Studio has been rated as MODERATE.
The affected Operating Systems are
| Affected OS | Affected Components | Severity |
| Win 2k SP4 | IE 5 / IE 6 | Critical |
| Win XP SP2 | IE 6 / IE 7 / IE 8 | Critical |
| Win XP SP3 | IE 6 / IE 7 / IE 8 | Critical |
| Win 2k3 SP2 | IE 6 / IE 7 / IE 8 | Moderate |
| Win Vista SP1 | IE 7 / IE 8 | Critical |
| Win Vista SP2 | IE 7 / IE 8 | Critical |
| Win 2k8 SP2 | IE 7 / IE 8 | Moderate |
More Details can be found here.
These patches should be in the top to-be-patched list for system admins.
For those who are not aware of what out-of-band patch is Microsoft releases patches every second Tuesday of every month (also known as patch Tuesday) to address different vulnerabilities. But if it releases patches other than patch Tuesday, it is called out-of-band patch. Microsoft releases such patches when it finds some vulnerability to be addressed very urgently. Last known out-of-band was MS08-67 which caused major conficker worm outbreak.
Similar Posts you might be interested in:
- Microsoft releases MS-08 Dec packed with 28 patches
- Patch Tuesday – March 11 , 2009
- Microsoft 10 Feb – patch tuesday
Network Security, Vulnerability Assessment | w0lf | July 26, 2009
[...] is in continuation of advanced notification released by Microsoft few days back. It has now released MS09-34 and MS09-35 out-of-band patches [...]