“Vulnerability in Vector Markup Language Could Allow Remote Code Execution.” This advisory provides a general overview of the problem and, fortunately, also provides a robust interim work-around to disable Windows’ and IE’s VML parsing. This can and should be used until Microsoft has repaired the buffer overrun in the VGX.DLL VML parser that is being actively exploited on the Internet. - Microsoft’s VML Security Advisory
Many sites have been using this security hole to run spyware and malware on visitors to thier sites. You won’t even know that you have downloaded the software. To prevent your browser from recognising the VML script and running it, you should disable the parser for a little while (see below). The only thing that you will be missing out on, from removing the parser, is the odd advertisement on some sites. There are also instructions to register the parser again at a later stage.
How to temporarily protect your system:
As detailed in Microsoft’s VML security advisory (see link above), you can quickly, easily, and safely protect your system from possible VML exploitation by “unregistering” the defective DLL. The system will no longer be able to render web-based vector markup language graphics, but you won’t notice any difference since few sites use VML for benign purposes.
Simply copy this command from this page (highlight the entire line then type Ctrl-C to Copy it into the clipboard), then open the “Run…” dialog by pressing your system’s Start button and choosing “Run…” Press “Backspace” to remove anything that might already be in the “Open” field, then type “Ctrl-V” to paste the command into the field. Press “OK” to execute the command and you should receive a dialog confirming that the VGX.DLL file has been “unregistered”…
regsvr32 -u “%CommonProgramFiles%Microsoft SharedVGXvgx.dll”
Please tell your family and friends and the word. Since this newly discovered Windows VML defect is being actively exploited by thousands of web sites to install malware, and since viewing malicious email with many versions of Outlook will also cause this to occur, EVERY Windows user is a potential victim. Please help people to protect themselves.
Once Microsoft has repaired this defect, which should happen no later than the second Tuesday in October (Oct. 10th) - and after you have applied those October security updates - you should re-register the repaired VGX.DLL file by repeating the steps above, but using a command without the “-u” argument, as follows:
regsvr32 “%CommonProgramFiles%Microsoft SharedVGXvgx.dll”
At that time, please also remind anyone you may have helped to protect themselves through un-registering the DLL to re-register it AFTER they have updated their system with the current October patches.
Thanks to Security Now! for pointing this out to me! Great Podcast by the way!
