Free Republic

How To Defend Against IE's VML Bug
TechWeb | September 20, 2006 | Gregg Keizer

Posted on 09/20/2006 12:41:51 PM PDT by Eagle9

Although Microsoft has acknowledged that in-the-wild exploits are taking advantage of an unpatched flaw in Internet Explorer, the developer has not committed to cranking out a fix before next month's regularly-scheduled update on Oct. 10. Users who want to protect themselves now, however, do have options.

Disable the vulnerable .dll: In the security advisory posted yesterday, Microsoft suggested that users can disable the vulnerable "Vgx.dll" from the command line.

-- Click Start, choose Run, and then type

-- regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

-- Click OK, then click OK again in the confirmation dialog that appears.

To undo the command, use:

-- regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

Use Group Policy to propagate .dll disabling: Microsoft's workarounds don't include this time saver, but an independent researcher has posted templates for creating a pair of Group Policy objects that disable (or undo that) for all users of a Windows domain.

For the details, head to Jesper Johansson's blog, here.

Disable Binary and Script Behaviors in IE 6: Another purely defensive move recommended by Microsoft is to turn off this scripting feature within the browser. Note, however, that this only protects against the currently-known exploit, which could, of course, morph into something else entirely.

-- Select Tools|Internet Options in IE

-- Click the "Security" tab

-- Click "Internet," then "Custom Level"

-- In the "ActiveX controls and plug-ins" section, under "Binary and Script Behaviors," click "Disable," and then click OK.

Repeat the last step above, but in the "Local intranet" zone.

Use another browser: Several security researchers and organizations have recommended dumping IE 6 in similar zero-day situations, and this was no different.

"One of the easiest ways might be to use Firefox with a plug-in to allow certain sites (such as windowsupdate.com) to transparently use MSIE to get back the ActiveX functionality without bothering the user over the choice and differences," said the Internet Storm Center in an online alert Wednesday.

Two such plug-ins (called "extensions" in Firefox parlance) that add IE functionality to Firefox are IE Tab and IE View.

In this case, "another browser" can also mean Internet Explorer 7, which is currently in Release Candidate 1. According to a Microsoft spokesman late Tuesday, IE 7 is not vulnerable to the VML bug.

IE 7 RC1 can be downloaded from the Microsoft site.


TOPICS: Technical
KEYWORDS: browser; exploit; ie; internetexploiter; lowqualitycrap; malware; microsoft; securityflaw; spyware; windows
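
A way to confirm that the two workarounds in the article took effect on a machine, given here as an added PowerShell example that is not part of the TechWeb article or Microsoft's advisory. It assumes that the "Binary and Script Behaviors" setting is stored as URL action 2000 under the per-user Internet Settings zone keys, with zone 1 as Local intranet, zone 3 as Internet, and a value of 3 meaning Disable; the function names are made up for this example.

```powershell
# Added example (not from the article): audit both workarounds on one machine.
# Assumptions: URL action 2000 = "Binary and Script Behaviors"; zone 1 = Local
# intranet, zone 3 = Internet; value 3 = Disable. Only the current user's
# HKCU zone settings are checked.

function Get-VgxRegistration {
    # Return every COM class whose in-process server is still vgx.dll.
    # After "regsvr32 -u" on the DLL this should return nothing.
    param([string]$DllName = 'vgx.dll')
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $key = $_.OpenSubKey('InprocServer32')
                if ($key) {
                    $server = [string]$key.GetValue('')   # default value = DLL path
                    $key.Close()
                    if ($server -like "*\$DllName*") {
                        [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
                    }
                }
            } catch { }   # skip keys this account cannot read
        }
}

function Get-BehaviorSetting {
    # Report the stored value of URL action 2000 for each zone of interest.
    # A missing value shows as empty and is reported as not disabled.
    param([int[]]$Zones = @(1, 3))
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    foreach ($zone in $Zones) {
        $item  = Get-ItemProperty -Path "$base\$zone" -Name '2000' -ErrorAction SilentlyContinue
        $value = if ($item) { $item.'2000' } else { $null }
        [pscustomobject]@{ Zone = $zone; Value = $value; Disabled = ($value -eq 3) }
    }
}

$registered = @(Get-VgxRegistration)
if ($registered.Count -eq 0) {
    'vgx.dll: no COM class registered (unregister workaround is in place)'
} else {
    'vgx.dll: still registered for the classes below'
    $registered | Format-Table -AutoSize
}
Get-BehaviorSetting | Format-Table -AutoSize
```
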
To: RS
What do you find so hard about PC's ?

Not hard. Just an exercise in beating your head on the wall, waiting for yet another exploit to be foisted. It's not worth the hassle. I've more productive things to worry about.

61 posted on 09/23/2006 11:43:15 AM PDT by LexBaird (Another member of the Bush/Halliburton/Zionist/CIA/NWO/Illuminati conspiracy for global domination!)

To: Eagle9

Thanks so much for your reply.

I tried the VML test with the clock and couldn't see it, so I guess I passed.

And I think I figured out why I don't have "Binary and Script Behaviors" by comparing my PC to my laptop from work. It must be because I've got XP on my home PC, but without SP1 or SP2 installed like my work laptop has. (Yeah, I know. *blushes*) But at least I was able to change those settings and unregister the .dll on my work laptop and make that safer.

Thanks again!


62 posted on 09/24/2006 11:46:31 AM PDT by BlessedBeGod (Benedict XVI = Terminator IV)

