02:07 PM

How To Defend Against IE's VML Bug

There's a potentially dangerous, unpatched flaw in Internet Explorer lurking around in the wild, but users who want to protect themselves do have some options. Here's a quick guide to some of them.

Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options.

Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line.

-- Click Start, choose Run, and then type

-- regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll

-- Click OK, then click OK again in the confirmation dialog that appears.

To undo the command, use:

-- regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll

Use Group Policy to propagate .dll disabling: Microsoft's workarounds don't include this time saver, but an independent researcher has posted templates for creating a pair of Group Policy objects that disable (or undo that) for all users of a Windows domain.

For the details, head to Jesper Johansson's blog, here.

Disable Binary and Script Behaviors in IE 6: Another purely defensive move recommended by Microsoft is to turn off this scripting feature within the browser. Note, however, that this only protects against the currently-known exploit, which could, of course, morph into something else entirely.

-- Select Tools|Internet Options in IE

-- Click the "Security" tab

-- Click "Internet," then "Custom Level"

-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.

Repeat the last step above, but in the "Local intranet" zone.

Use another browser: Several security researchers and organizations have recommended dumping IE 6 in similar zero-day situations, and this was no different.

"One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences," said the Internet Storm Center in an online alert Wednesday.

Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.

In this case, "another browser" can also mean Internet Explorer 7, which is currently in Release Candidate 1. According to a Microsoft spokesman late Tuesday, IE 7 is not vulnerable to the VML bug.

IE 7 RC1 can be downloaded from the Microsoft site.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of August 21, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.