Microsoft To Release Out Of Band Patches For Internet Explorer 8 & Visual Studio

Microsoft will release a couple of critical patches on Tuesday 28th of July to repair vulnerabilities present in Internet Explorer 8 as well as Visual Studio.

The Microsoft Security Bulletin advance notification touched upon the changes that the patches will bring. The first one will tackle Internet Explorer and allow it to "address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical".

The second one will be for Microsoft Visual Studio range of products and the software giant said "application developers should be aware of updates available affecting certain types of applications."

"While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications," Mike Reavey, group manager at the Microsoft Security Response Center, explained in the MSRC blog. "The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin."

The updates will occur one week before Microsoft's monthly patch Tuesday security update session and could be linked to a recent blog post by reverse engineering grand master Halvar Flake who said that Microsoft might have inadvertently introduced security vulnerabilities into third party products.

Our Comments

Microsoft will be hosting two webcasts to provide with more details about the patches; Versions 5, 6, 7 and 8 of Internet Explorer, Visual Studio .NET 2003, 2005 and 2008, and Visual C++ 2005 and 2008 running under Windows 2000, XP, Vista and Server 2003 and 2008. No details have been released as it whether IE8 on Windows 7 will be affected.

Related Links

Microsoft to go out-of-band on Tuesday with Visual Studio patch

An emergency patch for Internet Explorer and Visual Studio by Microsoft

Microsoft Security Bulletin Advance Notification for July 2009

Critical Out-of-Band Patch for Internet Explorer 8

Microsoft to release emergency bulletins for Visual Studio, IE