Microsoft Breaks Patch Cycle, Releases Out-of-Band Fix for Visual Studio and IE
Microsoft has announced that this Tuesday, the 28th of July, it will release an out-of-band update that is meant to address the issue of overall customer security – it will also include two (separate) security bulletins related to Visual Studio and one related to IE (Internet Explorer). The Visual Studio one has been rated by Microsoft as “moderate” while the IE one has been rated as “critical.” Both security vulnerabilities allow a person with malicious intent to perform remote code execution on the targeted machine.
Technical details on the security bulletins included in this out-of-band update are scarce, mainly because Microsoft does not want to share them with the rest of the world before a patch has already been released.
Director with Microsoft Security Response Center (MSRC), Mike Reavey, comments: “While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported.”
The thing to keep in mind is that the Redmond-based software giant rarely breaks its Patch Tuesday program. Each month, on the second Tuesday, Microsoft rolls out an update for its products. There are times when the company breaks this cycle, but that is quite unusual. It must mean that the security issue in question is quite a serious one – and by that I mean it is being actively exploited in the wild.
It is not all doom and gloom though. Mike Reavey explained that if you are a Microsoft customer and are up-to-date on your security updates, then you should be protected from known attacks related this update.
Besides Mike Reavey's announcement, an Advance Notification has been issued as well – you can read it here.
Technical details on the security bulletins included in this out-of-band update are scarce, mainly because Microsoft does not want to share them with the rest of the world before a patch has already been released.
Director with Microsoft Security Response Center (MSRC), Mike Reavey, comments: “While we can’t go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported.”
The thing to keep in mind is that the Redmond-based software giant rarely breaks its Patch Tuesday program. Each month, on the second Tuesday, Microsoft rolls out an update for its products. There are times when the company breaks this cycle, but that is quite unusual. It must mean that the security issue in question is quite a serious one – and by that I mean it is being actively exploited in the wild.
It is not all doom and gloom though. Mike Reavey explained that if you are a Microsoft customer and are up-to-date on your security updates, then you should be protected from known attacks related this update.
Besides Mike Reavey's announcement, an Advance Notification has been issued as well – you can read it here.
