eWeek.com, By Brain Prince
Microsoft is prepping a security patch for a zero-day vulnerability in the Microsoft Internet Explorer Web browser. The out-of-band patch is slated to be ready Dec. 17 and will fix a data binding problem being attacked by hackers.
"Looking at the fact that Microsoft shipped an out-of-bound patch for MS 08-067, and the fact that malware targeting MS 08-067 did not nearly infect the amount of machines that the new IE 0-day has, Microsoft's decision to ship an emergency update patch is to be applauded," Roel Schouwenberg, senior anti-virus researcher at Kaspersky Lab, said in a statement. "It also shows that the wormability of vulnerability is no longer a good indicator of the seriousness of a threat and that these Web-based threats are now much more dangerous than network worms, as I stated during the initial outbreak of the MS 08-067 malware."