Yeah we have known about the flaw for
months
Microsoft today said it would deliver six security updates next week
including two for holes that hackers have been using for months.
Three
will affect Windows, and one each will patch problems in Publisher, Internet
Security and Acceleration Server (ISA) and Microsoft's Virtual PC and
Virtual Server software. The Windows updates will be tagged "critical,"
Microsoft's highest threat ranking, while the others will be marked
"important.”
The crucial ones fix a flaw in zero-day vulnerabilities. One is
a vulnerability in DirectX's DirectShow and another in an ActiveX control
exploitable through IE6 and IE7. Redmond claims that two of the three
critical Windows fixes next week will address vulnerabilities it talked
about last week.
Normally Microsoft does not say which bugs will be patched,
but Microsoft has hinted that it is very important that these bugs are
fixed.