News
News
9/20/2006
02:07 PM
Connect Directly
RSS
E-Mail
50%
50%

How To Defend Against IE's VML Bug

There's a potentially dangerous, unpatched flaw in Internet Explorer lurking around in the wild, but users who want to protect themselves do have some options. Here's a quick guide to some of them.

Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options.

Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line.

-- Click Start, choose Run, and then type

-- regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll

-- Click OK, then click OK again in the confirmation dialog that appears.

To undo the command, use:

-- regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll

Use Group Policy to propagate .dll disabling: Microsoft's workarounds don't include this time saver, but an independent researcher has posted templates for creating a pair of Group Policy objects that disable (or undo that) for all users of a Windows domain.

For the details, head to Jesper Johansson's blog, here.

Disable Binary and Script Behaviors in IE 6: Another purely defensive move recommended by Microsoft is to turn off this scripting feature within the browser. Note, however, that this only protects against the currently-known exploit, which could, of course, morph into something else entirely.

-- Select Tools|Internet Options in IE

-- Click the "Security" tab

-- Click "Internet," then "Custom Level"

-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.

Repeat the last step above, but in the "Local intranet" zone.

Use another browser: Several security researchers and organizations have recommended dumping IE 6 in similar zero-day situations, and this was no different.

"One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as windowsupdate.com) to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences," said the Internet Storm Center in an online alert Wednesday.

Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.

In this case, "another browser" can also mean Internet Explorer 7, which is currently in Release Candidate 1. According to a Microsoft spokesman late Tuesday, IE 7 is not vulnerable to the VML bug.

IE 7 RC1 can be downloaded from the Microsoft site.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Howard Marks talks about steps to take in choosing the right cloud storage solutions for your IT problems
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.