Update on VML zero-day exploit

Microsoft, makers of the Internet Explorer web browser vulnerable to latest zero-day exploit, acknowledged the threat and published a security advisory explaining the risks and providing temporary workarounds until the patch targeting the VML vulnerability is not released.

Four tested workarounds are suggested. Each has own impacts. We recommend one that involves unregistering of the vgx.dll library, which allows applications to render VML (Vector Markup Language).

Note The following steps require Administrative privileges. It is recommended that the system be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround however; the recommendation is to restart the system.

1. Click Start, click Run, type “regsvr32 -u “%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll ” (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: Applications that render VML will no longer do so once Vgx.dll has been unregistered.

To undo this change, re-register Vgx.dll by following the above steps. Replace the text in Step 1 with “regsvr32 “%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll” (without the quotation marks).

Alternative workarounds can be found here.

It should be noted that Microsoft plans to patch a flaw in Internet Explorer on Tuesday, October 10, 2006. This can only mean three disturbing weeks for computer users. Of course, those who will apply a workaround or switch to Mozilla Firefox or Opera should be safe. However, as statistics show, the larger part of people does not react in time, until it’s too late. The latest exploit has all chances to hit thousands of vulnerable systems around the world.

P.S. Ever wonder which parasites does VML exploit install? Take a look on this tentative malware list.

Like us on Facebook