[RBASE-L] - OT: Workaround needed for IE hole

Sat, 30 Sep 2006 06:44:32 -0700

Workaround needed for IE hole

By Brian Livingston

Microsoft acknowledged this week a new weakness that allows hacked Web sites to infect PCs merely by displaying specific images in the Internet Explorer browser.

The Redmond company hasn't promised to issue a patch until the company's next regular Patch Tuesday on Oct. 10, although it's possible that a patch might come out earlier.

Until then, individual Windows users can protect themselves against the flaw by deregistering vgx.dll. This DLL file is used by IE to render images that are based on Vector Markup Language (VML).

Microsoft recommends that users click Start, Run, paste the following line into the input box, and click OK:

regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

After Microsoft releases a patch for the problem, you can easily reregister the DLL by repeating the procedure without the -u switch:

regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

While the workaround is in effect, Web sites that use VML won't display such images properly. Since some sites are already using the flaw to infect PCs, however, it's safer to use the workaround even if some sites temporarily look different.

The above fix works on Windows XP and Server 2003, but the security hole also affects Windows 2000 SP4, according to Microsoft. For more information, see the Suggested Actions (Workarounds) section of MS bulletin 925568.

Administrators of networks can use Group Policy to disable and reenable the DLL. Details and a downloadable file are available at Jesper Johannsson's blog. Be sure to read all the follow-up comments on that page, which provide important revisions to the procedure as originally posted.

The VML hole is unrelated to an ActiveX vulnerability in IE that was first reported last week by the French Security Incident Response Team (FrSIRT). That flaw hasn't yet been widely taken advantage of. Workarounds to protect against it are described in FrSIRT advisory 3593 and Microsoft bulletin 925444.

As always, everyone at Windows Secrets recommends that you use the Firefox browser instead of IE, which has numerous unpatched security problems. IE flaws, however, should be patched whenever possible. Even if you don't use IE, its components remain in Windows and can still be exploited in some cases.

We'll have more on these problems in the paid version of the newsletter on Sept. 28.

Reply via email to