Experts recommend urgent patching for new Microsoft flaws

Microsoft has issued two new patches

Security experts are warning IT administrators to update their systems as soon as possible, after Microsoft yesterday released emergency patches to cover vulnerabilities in Visual Studio and Internet Explorer.

As announced by V3.co.uk on Saturday, Microsoft released the patch for Internet Explorer in response to "three privately reported vulnerabilities" in the web browser.

"These vulnerabilities could allow remote code execution if a user views a specially crafted web page using Internet Explorer," read a Microsoft security bulletin. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

The other patch, for a vulnerability in the Active Template Library (ATL) of Visual Studio marked as moderate by Microsoft, is "specifically intended for developers of components and controls", according to the firm.

"Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin," said the bulletin.

Security vendor F-Secure warned users via a blog posting that these patches should be implemented without delay. "As we've stated before, these don't come so often, so when they do it's for a good reason and it's best to pay attention and make sure you get your machines updated," said the firm.

Eric Shultze, chief technology officer at patch management firm Shavlik Technologies, echoed these sentiments, warning that the vulnerabilities are due to be demonstrated in public at the Black Hat conference in the US today.