PatchLink Releases Exploit Fix

PatchLink is releasing a PatchLink-authored fix for customers worldwide to protect their networks from VML zero-day threats

September 25, 2006

2 Min Read
Network Computing logo

SCOTTSDALE, Ariz. -- As hackers continue to exploit a security vulnerability in Microsoft Internet Explorer rated as "extremely critical," PatchLink is releasing a PatchLink-authored fix for customers worldwide to protect their networks from VML zero-day threats.

According to PatchLink Vice President of Security Technologies Chris Andrew, the Microsoft IE flaw could be potentially harmful to the IT environment as it can lead to remote execution of a malicious code on a users' system. Andrew notes: "Zero-day vulnerabilities such as the IE flaw are a rising trend in today's security landscape. With the VML exploit now becoming more widespread, PatchLink today has taken immediate action to develop and deliver an automated fix for the zero-day threat for our customers to mitigate risks to their systems until next Microsoft Patch Tuesday rolls around. This remedy helps our customers to automatically deploy one of the Microsoft-endorsed solutions for this particular exploit, and can be automatically uninstalled once the official vendor patch becomes available."

PatchLink cautions IT professionals to always implement a best practices approach for distributing patches. A wait-and-see approach leaves a network open to attack and also increases the chance of human error. With some planning in conjunction with automated IT security software solutions for patch management and vulnerability remediation, critical security updates can be easily tested and deployed long before a virulent worm or Trojan attacks.

Andrew adds: "As the number of vulnerabilities continue to rise with over 6,700 expected in 2006, IT administrators can expect to see more third-party patches such as the VML patch released by the ZERT group to protect against zero-day outbreaks. However, PatchLink highly recommends organizations take careful measures to ensure the patch is fully endorsed and recognized as the appropriate safe solution by trusted industry organizations such as PatchLink, SANS or CERT before blindly implementing this temporary patch forthe MS IE flaw."

PatchLink Corp.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights