Security news, Virus news September 20, 2006

imgresizer.aspx.jpg

Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month’s regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options.

Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable “Vgx.dll” from the command line.

- Click Start, choose Run, and then type
advertisement

- regsvr32 -u “%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll

- Click OK, then click OK again in the confirmation dialog that appears.

To undo the command, use:

- regsvr32 “%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll

Use Group Policy to propagate .dll disabling: Microsoft’s workarounds don’t include this time saver, but an independent researcher has posted templates for creating a pair of Group Policy objects that disable (or undo that) for all users of a Windows domain.

Disable Binary and Script Behaviours in IE 6: Another purely defensive move recommended by Microsoft is to turn off this scripting feature within the browser. Note, however, that this only protects against the currently-known exploit, which could, of course, morph into something else entirely.

- Select Tools|Internet Options in IE

- Click the “Security” tab

- Click “Internet,” then “Custom Level”

- In the “ActiveX controls and plug-ins” section, under “Binary and Script Behaviors,” click “Disable,” and then click OK.

Repeat the last step above, but in the “Local intranet” zone.

Use another browser: Several security researchers and organizations have recommended dumping IE 6 in similar zero-day situations, and this was no different.

“One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as windowsupdate.com) to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences,” said the Internet Storm Centre in an online alert Wednesday.

Two such plug-ins (called “extensions” in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.

In this case, “another browser” can also mean Internet Explorer 7, which is currently in Release Candidate 1. According to a Microsoft spokesman late Tuesday, IE 7 is not vulnerable to the VML bug.

IE 7 RC1 can be downloaded from the Microsoft site.

*

Related Articles:
  • Google ordered to hand over data: A federal judge has ordered internet search engine Google to
  • IBM builds security into microprocessor: IBM researchers have developed encryption technology that can be built
  • Another day, another zero-day MS exploit: Business users are being encouraged to be more cautious when
  • Google set for court in data spat: Google is to take on the US government in court
  • IBM drops patent claims against SCO: IBM has dropped its three remaining claims of patent infringement
    • Articles:

    Leave a Reply

    You must be logged in to post a comment.