In response to much attention on the ANI vulnerability in IE, Microsoft has decided to release security bulletin MS07-017 this Tuesday, a week earlier than scheduled. “Microsoft is aware of the existence of a public attack utilizing the vulnerability,” a Microsoft spokesperson said, “Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers.”

The impact of this particular vulnerability should be minimal if you follow security best practices and use some common sense, but it is always best to apply the patch as soon as it is available. The patch modifies a number of IE binaries so it should be tested in your environment, especially with any line-of-business applications, before any widespread deployment.

Note that Microsoft will deploy the patch via Automatic Updates so users with that enabled will not need to take any additional action to install this patch once it becomes available.

Related posts

• No related posts.