Microsoft has released a patch for the vulnerability in Internet Explorer reported earlier this month. It will be distributed via automatic updates, although users who don't use this feature will have to download it manually.
The patch takes care of three vulnerabilities in the browser, modifying the way Explorer handles memory and table operations.
Meanwhile, the software giant has also unveiled the progress of its information-sharing programmes and has used the Black Hat USA conference to debut new tools and guidance designed to help security professionals manage online threats.
In an effort to help shift advantage to the security industry, Microsoft created the Microsoft Active Protections Programme (MAPP), Microsoft Exploitability Index and Microsoft Vulnerability Research (MSVR) programmes, announced at Black Hat last year. The MAPP and MSVR programmes increase the level of industry collaboration, and the Exploitability Index builds on this collaboration and provides additional information and guidance on managing risk to Microsoft customers.
As of July 2009, 47 global partners have joined MAPP and the programme has helped to decrease the risk of attack.
The Microsoft Exploitability Index has also proven an effective and reliable resource to help customers better assess risk. Of the 140 Exploitability Index ratings Microsoft provided from October 2008 to June 2009, only one had to be modified — a 99% reliability rate.
In addition, to help customers better protect themselves, Microsoft released new tools and guidance that make it easier to measure and manage risk.
The Microsoft Security Update Guide outlines Microsoft’s resources, processes and practices surrounding its security release process. Available for download, the guide helps customers plan for security releases and improve risk evaluation decisions, and highlights the resources available to help customers deploy updates quickly with minimal disruption to their IT environments.
Project Quant is a Microsoft-sponsored, open community project aimed at developing an update management cost model that IT departments, analysts and consultants can use to establish common baselines and improve their processes and practices. A Project Quant report containing a description of the update management model, including the community-developed update management cycle and associated details concerning each phase of the update cycle, is available for download.
The Microsoft Office Visualisation Tool is a free tool designed to help combat file format-based software vulnerabilities and exploits. OffVis will allow customers to better understand and deconstruct Microsoft Office-based attacks. As a result, security vendors can build deeper, more precise malware detection signatures and develop new techniques for analysing malware. The tool is available for no-charge download.