Hi folks, my name is Geoff and I am a Program Manager with the IE team focusing on security updates. On Tuesday, Windows released a security update for a vulnerability in the Windows component VML (vector markup language) that can result in remote code execution running on an affected system. Although this is not an IE vulnerability, we feel it is important to mention here, as IE can be used as an attack vector for the exploit. The VML team and MSRC have investigated the issue, produced a fix, and coordinated the release plan based on the comprehensiveness of the fix and the spread of exploits on the internet. As with all Microsoft critical updates, we encourage you to download the update immediately in order to protect your systems(s) from potential attacks. For the location of the update and further information on this vulnerability please see the following links:
· Microsoft Security Bulletin MS06-055
· MSRC Blog
I also want to mention that IE7 downlevel and IE7 on Vista ARE NOT affected by this vulnerability as a newer version of the control was released with IE7 Beta 2. With that said, I want to encourage you to please install the latest version of IE7 today or follow the links above to download the appropriate update to protect your systems.
Thank you for taking the time to read this post and have a great day!