Announcements
ALERT: New Zero-Day IE Vulnerability

I have become aware of information about the newest IE 0-day (VML) Vulnerability in Vector Markup Language attack. VML attacks have ramped up significantly in the past 24 hours. Confirmed reports of attacks are expected to increase rapidly through this weekend.

Microsoft is aware that this vulnerability is being actively exploited. A security update to address this vulnerability is now being finalized through testing. Microsoft's goal is to release the update on Tuesday, October 10, 2006, or sooner depending on customer needs.

I recommend that you monitor this issue over the weekend and implement a workaround carefully. If the threat becomes more of a concern, there is an unofficial patch that can be reviewed and tested.

Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it helps block known attack vectors. When a workaround reduces functionality, it is identified in the following section. Customers are encouraged to keep their anti-virus software up to date.

Note: The following steps require Administrative privileges. It is recommended that the system be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround; however, the recommendation is to restart the system.

To un-register Vgx.dll, follow these steps:

1. Click Start, click Run, type the following command, and then click OK:
   regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: Applications that render VML will no longer do so once Vgx.dll has been unregistered.

To undo this change, re-register Vgx.dll by following the above steps. Replace the text in Step 1 with:
   regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

To modify the Access Control List (ACL) on Vgx.dll to be more restrictive, follow these steps:

1. Click Start, click Run, type "cmd" (without the quotation marks), and then click OK.
2. Type the following command at a command prompt. Make a note of the current ACLs that are on the file (including inheritance settings) for future reference in case you have to undo this modification:
   cacls "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
3. Type the following command at a command prompt to deny the 'everyone' group access to this file:
   echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /d everyone
4. Close Internet Explorer, and reopen it for the changes to take effect.

Impact of Workaround: Applications and Web sites that render VML may no longer display or function correctly.

You can help protect against this vulnerability by changing your settings to disable binary and script behaviors in the Internet and Local intranet security zone. To do this, follow these steps:

1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Security tab.
3. Click Internet, and then click Custom Level.
4. Under Settings, in the ActiveX controls and plug-ins section, under Binary and Script Behaviors, click Disable, and then click OK.
5. Click Local intranet, and then click Custom Level.
6. Under Settings, in the ActiveX controls and plug-ins section, under Binary and Script Behaviors, click Disable, and then click OK.
7. Click OK two times to return to Internet Explorer.

Impact of Workaround: Disabling binary and script behaviors in the Internet and Local intranet security zones may cause some Web sites that rely on VML to not function correctly.

For additional information please review the below link.

http://www.microsoft.com/technet/security/advisory/925568.mspx

Disclaimer: This email should not be interpreted as a recommendation to throw this patch on all your corporate machines. It's just to let you know about the situation, which Microsoft says is being "Actively Exploited" and to let you know that, after performing your own risk analysis, if you decide staying vulnerable until October 10th is not in your organization's best interest, there may be another option.
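
A read-only check of whether the three workarounds above are in place on a machine, added here as an example; it is not part of the original announcement or of Microsoft's advisory. The function names are hypothetical, and the zone registry location with URL action 2000 (data 3 = Disable) comes from Microsoft's documented Internet Explorer zone settings, not from this page.

```powershell
# Added example: read-only audit of the workarounds; changes nothing on the system.
# Assumes Windows PowerShell 3.0 or later and the native registry view
# (a 32-bit copy under "Program Files (x86)" is not examined).
$dll = Join-Path $env:ProgramFiles 'Common Files\Microsoft Shared\VGX\vgx.dll'

function Test-VgxRegistered {
    # After "regsvr32 -u", no COM class should name vgx.dll as its in-process server.
    $hit = Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        Where-Object {
            $k = Get-Item -LiteralPath "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            $k -and ([string]$k.GetValue('') -like '*\vgx.dll')
        } | Select-Object -First 1
    return [bool]$hit
}

function Get-VgxDenyState {
    # "cacls ... /d everyone" adds a Deny entry for Everyone (well-known SID S-1-1-0).
    if (-not (Test-Path -LiteralPath $dll)) { return 'file not found' }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    try {
        $rules = (Get-Acl -LiteralPath $dll -ErrorAction Stop).GetAccessRules($true, $true, $sidType)
    } catch {
        # An account that does not own the file may be unable to read the ACL
        # once Everyone is denied; report it for manual review with cacls.
        return 'ACL unreadable'
    }
    $deny = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'S-1-1-0'
    }
    if ($deny) { 'deny present' } else { 'deny absent' }
}

function Test-BehaviorsDisabled([int]$Zone) {
    # URL action 2000 is "Binary and script behaviors"; data 3 means Disable.
    # Reads the per-user setting only; a Group Policy value would override it.
    $key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
    $p = Get-ItemProperty -Path $key -Name '2000' -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.'2000' -eq 3)
}

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    VgxStillRegistered   = (Test-VgxRegistered)
    VgxAclDenyEveryone   = (Get-VgxDenyState)
    InternetZoneDisabled = (Test-BehaviorsDisabled 3)   # zone 3 = Internet
    IntranetZoneDisabled = (Test-BehaviorsDisabled 1)   # zone 1 = Local intranet
}
```

A machine is covered by the first workaround when VgxStillRegistered is False, by the second when VgxAclDenyEveryone is "deny present", and by the third when both zone values are True.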