A new security threat known as the VML vulnerability has just been patched by Microsoft with a possibility of email messages taking advantage of this security gap in Windows.
This is important because there’s a possibility of email messages taking advantage of this security gap in Windows. Just displaying a message in the preview pane could infect your computer – though it’s a possibility that has not been exploited.
The update is available from here for Windows XP and Windows 2003, including the 64bit versions.
You may already have the update courtesy of Windows Update. If your computer rebooted itself overnight that’s probably why. To check go to Control Panel | Add Remove Software and tick the ‘Show Updates button. In the long list of Windows XP updates look for one with the label ” (KB925486) “.
Microsoft says, rightly, that the vulnerability affects Internet Explorer. That’s strictly true but deliberately obscures the fact that many programs make use of the core IE technologies. People might think they are safe because they don’t use Internet Explorer as their web browser, but that’s not the case.
Most importantly for Office users, Outlook and Outlook Express uses IE systems to display email messages. Other Office programs use the VML systems in IE to display any VML graphics.
