Microsoft Issues Emergency Patch for IE Flaw
Microsoft Corp. today issued a security update to fix a serious flaw in its Internet Explorer browser -- a flaw that hackers have been exploiting to install spyware on vulnerable computers.
Microsoft is issuing the update outside of its monthly patch cycle in part because researchers have detected a large number of Web sites created by hackers to exploit the vulnerability. Microsoft no doubt also was prodded by the release of an unofficial third-party patch late last week from a group of security experts concerned about the prospect of tens of millions of IE users cruising the Web without any protection against this attack.
Update, 4:21 p.m. ET: A link to the patch and advisory is now live. The headline and intro for this post also were changed to reflect that. Also, it's worth noting, Microsoft is advising anyone who has already unregistered or deactivated the offending piece of code (as per Security Fix's previous advice) to re-activate those components before applying this patch. If you previously deactivated the flawed IE component, one easy way to bring it back is by following these instructions. According to Redmond, "reactivating the flawed component before applying this patch "is very important because if you do not revoke the VGX.DLL changes, the update could fail to install or deploy."
If you followed our tips on deactivating the VGX.dll system file, do the following before applying this patch:
1) Open up a command prompt: Click "Start," then "Run," and a text box should pop up.
2) Cut and paste the following into that box: regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
The comments to this entry are closed.