Today, on September 26, Microsoft has issued a security update to patch a highly critical vulnerability in Internet Explorer. This fix has been released out of cycle, two weeks earlier than scheduled. It seems that discussions, lots of news and unofficial third-party patches altered Microsoft plans.
A flaw discovered on September 18 is utilized by an exploit used by hackers to install loads of spyware and malware to vulnerable systems. According to some security experts, web sites hosting VML exploit remain active, and up to several millions of different pages are still redirecting visitors to those sites.
Earlier, Microsoft spokesmen have said that attacks are limited. Whether it is still unknown how many computers have been compromised, it seems that number of attacks succeeded isn’t so small.
Microsoft and security experts encourage users to apply the fix as quickly as possible. Systems with Automatic Updates enabled will download and install the patch automatically. If you prefer manual updates, please visit Microsoft Windows Update or download the fix from here.
Important! If you have applied one of the workarounds such as unregistering the vgx.dll library, you have to reactivate disabled components and undo the changes BEFORE applying official fix. Most users should do the following:
Click Start, click Run, type regsvr32 “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”, and then click OK.