Microsoft will be releasing an out-of-band patch for the rising incidents of the VML vulnerability (MS06-055). Microsoft has dubbed this as Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486). They rated this vulnerability as Critical, which is the highest severity rating given for a vulnerability due to its easy replication that can result to Remote Code Execution (RCE).
Moreover, Microsoft will also re-release Microsoft Security Bulletin MS06-049 (Vulnerability in Windows Kernel Could Result in Elevation of Privilege) to fix the problem that arises when applying the previous release of MS06-049 patch on systems running NTFS file system compression.
Microsoft has announced that the update will be available on September 26, 2006 around 10:00am PST. So, you better get ready to patch up your systems!
MS06-055 – Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
MS06-049 – Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
