"This was an excellent move on the part of Microsoft, and we're pleased to see them respond to the concerns of the security community," Alex Eckelberry, president of anti-spyware toolmaker Sunbelt Software, said in an e-mail interview. Sunbelt had been monitoring attacks that exploit the flaw, which it said have been increasing.
First reported last week, the vulnerability stems from the Windows component called "vgx.dll", which is intended to support Vector Markup Language documents in the operating system. It has emerged that a flaw in this makes it possible for an attacker to exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution. Just days ago, an alternative patch was supplied by the Zeroday Emergency Response Team (ZERT) which also fixed this issue.