Vulnerability in Vector Markup Language
“Vulnerability in Vector Markup Language Could Allow Remote Code Execution.” This advisory provides a general overview of the problem and, fortunately, also provides a robust interim work-around to disable Windows’ and IE’s VML parsing. This can and should be used until Microsoft has repaired the buffer overrun in the VGX.DLL VML parser that is being actively exploited on the Internet. - Microsoft’s VML Security Advisory
Many sites have been using this security hole to run spyware and malware on visitors to thier sites. You won’t even know that you have downloaded the software. To prevent your browser from recognising the VML script and running it, you should disable the parser for a little while (see below). The only thing that you will be missing out on, from removing the parser, is the odd advertisement on some sites. There are also instructions to register the parser again at a later stage.
How to temporarily protect your system:
As detailed in Microsoft’s VML security advisory (see link above), you can quickly, easily, and safely protect your system from possible VML exploitation by “unregistering” the defective DLL. The system will no longer be able to render web-based vector markup language graphics, but you won’t notice any difference since few sites use VML for benign purposes.
Simply copy this command from this page (highlight the entire line then type Ctrl-C to Copy it into the clipboard), then open the “Run…” dialog by pressing your system’s Start button and choosing “Run…” Press “Backspace” to remove anything that might already be in the “Open” field, then type “Ctrl-V” to paste the command into the field. Press “OK” to execute the command and you should receive a dialog confirming that the VGX.DLL file has been “unregistered”…
regsvr32 -u “%CommonProgramFiles%Microsoft SharedVGXvgx.dll”
Please tell your family and friends and the word. Since this newly discovered Windows VML defect is being actively exploited by thousands of web sites to install malware, and since viewing malicious email with many versions of Outlook will also cause this to occur, EVERY Windows user is a potential victim. Please help people to protect themselves.
Once Microsoft has repaired this defect, which should happen no later than the second Tuesday in October (Oct. 10th) - and after you have applied those October security updates - you should re-register the repaired VGX.DLL file by repeating the steps above, but using a command without the “-u” argument, as follows:
regsvr32 “%CommonProgramFiles%Microsoft SharedVGXvgx.dll”
At that time, please also remind anyone you may have helped to protect themselves through un-registering the DLL to re-register it AFTER they have updated their system with the current October patches.
Thanks to Security Now! for pointing this out to me! Great Podcast by the way!
September 22nd, 2006 at 2:45 pm
I read yesterday about this issue on some news page here in the Netherlands, the funny thing was that there are people posting comments like:
“I suggest to use Firefox until this security issue is solved.”
or
“That the way it is, MS suggests to disable somthing to make their browser safe…”
Mozilla rules!
September 22nd, 2006 at 3:25 pm
Well apparently… there are software companies in Russia exploiting this vulnerability and they have browser detectors that even work out what version of browser you are using, and they can deploy malware though that browser’s security holes. Firefox included!
You should listen to the Podcast if you get a chance…
September 22nd, 2006 at 3:44 pm
The naive sheep always suggest Firefox. Firefox is a bug-ridden and vulnerable browser. IE is far more popular and as such it gets a lot more malicious attention. For the 5 or 7% browser market that firefox commands it has a lot more bugs and vulnerabilities relatively than its counterpart.
I’m not an MS supporter, I do not even use their platform anymore. My opinion is unbiased and based on many years of 16 hour a day usage of all browsers in the market. Firefox, is quite simply, one of the worst on the market. Without the extension ability, it would be the worst of the lot. It’s slow, it renders websites terribly, it has memory issues - its a shocker!
September 22nd, 2006 at 8:50 pm
Right Dan,
Often we forgot that, there are really a lot of bugs in FF and also thunderbird. I think I like the extensions at most while using FF.
I think an important protecton against vulnerabilities is to keep your eyes open…