Microsoft releases fast patch for IE flaw
Only 8 days *ahem* after realizing that attackers were exploiting the latest unpatched Windows VML security flaw, Microsoft has finally decided to break its normal release schedule and publish a patch to fix this whole mess.
The patch fixes the flawed way in which Internet Explorer handles the Vector Markup Language (VML), a proposed standard for coding vector graphics into XML. Attacks using the flaw were detected eight days before the patch, on September 18, by Sunbelt Software, although other security companies may have independently discovered the issue. Over the weekend, attackers used another zero-day exploit--this time in a Web application known as cPanel--to compromise Web sites and send visitors to a rogue page that hosted the attack code.