Browser Security News

Sunbelt’s recent Vector Markup Language (VML) vulnerability discovery has drawn some attention here on the blogs, and rightly so. The impact of the vulnerability is fairly significant and there are reports that malicious sites are exploiting the vulnerability to install malicious code of all sorts.

For those without perimeter/endpoint defenses to identify the exploit and those seeking additional assurances that the issue can be effectively blocked, I’d like to note some workarounds that I’ve found effective. The vulnerable component in this instance is vgx.dll. Microsoft has proposed three workarounds in Security Advisory 925568 that appear to be effective in blocking the attack, and another aimed at mitigating the attack.

Microsoft notes that reading e-mail in plain text is a mitigator against e-mail based attacks, but the attacks seen at this time are not e-mail based, to the best of my knowledge. You may disable access to vgx.dll by either un-registering it or blocking access with file system access control lists. Microsoft also suggests users of Windows XP SP2 disable binary and script behaviors within Internet Explorer. All of these workarounds are effective, and you should apply them if possible. [tag]VML Zero-Day[/tag]SecuriTeam Blogs » Internet Explorer VML Zero-Day Mitigation