Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Microsoft Plans To Patch Zero-Day Windows Bug

Microsoft plans to patch an increasingly-dangerous zero-day vulnerability in Windows next week as part of its monthly security update, the Redmond, Wash.-based developer said Tuesday.

"Microsoft has completed development of the security update for the vulnerability," a company spokesperson wrote TechWeb in an e-mail. "The security update is now being localized and tested to ensure quality and application compatibility."

She stopped short of promising a patch, however, adding "This release is predicated on successful completion of quality testing."

The move is just the latest in the week-long story of a new vulnerability uncovered in Windows' rendering of WMF (Windows Metafile) images, and an increasingly long list of both exploits and Web sites using these exploits to hack into PCs. As far as some researchers are concerned, Microsoft's promise is overdue.

On Tuesday, the SANS Institute's Internet Storm Center (ISC) recommended that users not wait for Microsoft's fix, but unregister a vulnerable DLL and apply an "unofficial" patch created by a third-party researcher.

  • 1