Guarding Against the New IE Exploit
Earlier this week Security Fix wrote about a newly discovered vulnerability in Microsoft's Internet Explorer Web browser that bad guys were exploiting to install malicious software when users merely browsed certain nasty Web sites.
Microsoft has since published an advisory with a workaround that seems to be pretty effective at stopping these attacks, pending the release of a patch from Microsoft (the company says it may not arrive until Oct. 10). The temporary fix involves "unregistering" the vulnerable Windows component, and it is a straightforward step that should help mitigate this threat.
The problem is present in all versions of IE 5.0 and higher, according to US-CERT. I have not seen anyone test this exploit against IE 7 yet, but I've not heard of any evidence that the later version is vulnerable.
The following workaround works on Windows XP Service Pack 1 and 2, Windows Server 2003 and Windows Server 2003 Service Pack 1:
1) Open the Run dialog: click "Start," then "Run," and a text box should pop up. (You need to be logged in with an administrator account for the next step to succeed.)
2) Copy and paste the following text into that box: regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll" (the quotation marks matter, because the path contains spaces)
3) Then hit Enter or click "OK." You should see a pop-up window stating that the vulnerable component has been unregistered. Once Microsoft's patch is installed, re-register the component by running the same command without the -u switch; until you do, pages that rely on that component will not render properly.
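For anyone who has to apply the workaround to more than one machine, or who wants proof that it actually took, the steps above can be scripted. The following PowerShell script is an added example, not part of the original post or of Microsoft's advisory: it unregisters vgx.dll, confirms through the registry that no COM class still points at the DLL, and re-registers it (the -Restore switch) once the patch is installed. The Program Files path is the one from the workaround; the Program Files (x86) path and the WOW6432Node registry view are this example's own assumptions for 64-bit hosts, and the script must be run from an elevated (administrator) session.

```powershell
# Added example (not from the original post): unregister vgx.dll, verify the
# registration state, and restore it later with -Restore. Run as administrator.
param([switch]$Restore)

# Path from Microsoft's workaround. The Program Files (x86) copy is this
# example's assumption about 64-bit hosts, where the 32-bit IE loads a 32-bit DLL.
$paths = @((Join-Path $env:ProgramFiles 'Common Files\Microsoft Shared\VGX\vgx.dll'))
if (${env:ProgramFiles(x86)}) {
    $paths += Join-Path ${env:ProgramFiles(x86)} 'Common Files\Microsoft Shared\VGX\vgx.dll'
}

function Get-VgxClsid {
    # regsvr32 records every COM class a DLL exposes under HKCR\CLSID\{guid}\InprocServer32,
    # with the DLL path as the default value. If no class points at vgx.dll, nothing can
    # instantiate it through COM, which is what the workaround relies on. The WOW6432Node
    # view holds the 32-bit registrations on 64-bit Windows (assumption for 64-bit hosts).
    foreach ($root in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                      'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID') {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $server = Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            if ($server -and $server.'(default)' -like '*\vgx.dll*') { $_.PSChildName }
        }
    }
}

foreach ($dll in $paths) {
    if (-not (Test-Path -LiteralPath $dll)) { continue }
    # /s suppresses the confirmation dialog; /u unregisters. regsvr32 exits 0 on success.
    # regsvr32 is a GUI program, so Start-Process -Wait is used to get a reliable exit code.
    $regArgs = if ($Restore) { @('/s', "`"$dll`"") } else { @('/s', '/u', "`"$dll`"") }
    $proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList $regArgs -Wait -PassThru
    $action = if ($Restore) { 'register' } else { 'unregister' }
    Write-Host ("{0} {1}: exit code {2}" -f $action, $dll, $proc.ExitCode)
}

# Verify against the registry rather than trusting the exit code alone.
$registered = @(Get-VgxClsid)
if ($Restore) {
    if ($registered.Count -gt 0) { Write-Host "vgx.dll registered again ($($registered.Count) CLSIDs)" }
    else { Write-Warning 'vgx.dll is still not registered; check the exit codes above' }
} else {
    if ($registered.Count -eq 0) { Write-Host 'vgx.dll is unregistered: no CLSID points at it' }
    else { Write-Warning "vgx.dll is still registered via: $($registered -join ', ')" }
}
```

Run it once with no arguments to apply the workaround and again with -Restore after the patch is installed. The registry check is the part worth keeping even if you apply the workaround by hand: a regsvr32 dialog says the call succeeded, not that nothing else re-registered the DLL afterwards.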
Even if you don't use IE as your default browser, disabling this Windows component may prove essential: vgx.dll is a shared Windows component, not a piece of the browser alone. One need only look back at the security headaches Windows users had earlier this year with the Windows Metafile (WMF) vulnerability, when Microsoft was forced to issue a patch outside of its normal monthly patching process, in part because third-party security vendors had begun distributing unofficial patches.
In that case, merely having the vulnerable WMF component active on a system was enough for it to be compromised by a variety of means, whether through a third-party e-mail client or other software that invoked the flawed component.
Incidentally, anyone willing to take bets on how long it will be until we start to see a repeat of third-party patches to fix this problem?
September 21, 2006; 2:29 PM ET
Categories: Latest Warnings