Over at the Microsoft Security Response Security Blog, a statement has been issued indicating that a patch will be issued today for an exploit that was mentioned about last Friday. What is also strange is that Microsoft knew about this vulnerability since December of 2006, but chose until April, 2007 to apply a fix. Now since there are over 100 Web sites exploiting the vulnerability, the fix will be issued before the traditional patch Tuesday.
Microsoft’s blog states:
“From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007.
I want to note that we are testing still and will be up until the release, to ensure the highest quality possible. So, it’s possible that we will find an issue that will force us to delay the release. If we do find an issue, though, we will let you know through the MSRC weblog as soon as we know.”
Make sure you get the patch.
[tags]microsoft, patch, exploit[/tags]