IE zero day patch is out

Microsoft Security Bulletin MS06-055 – Vulnerability in Vector Markup
Language Could Allow Remote Code Execution (925486)

The zero day IE patch is now released but it's very important that you undo whatever mitigations you performed in order to protect yourself for this.

In my case it's a piece of cake to undo what I did, but if you unregistered the dll, reregister it, if you acl'd the file, de-acl it.

Review Dr. J's blog as well for follow up issues with the mitigations you took:

Jesper's Blog : Negative Impacts of VML Vulnerability Workaround:

2 Thoughts on “IE zero day patch is out

  1. Couple of caveats…

    When I tried to apply the patch on my SBS server, the installation failed. I had previously applied the group policy that added Deny Everyone to the VGX.dll file accross my domain. Even though I had reversed the policy (i.e. applied the new policy to set the file to inherit all permissions) and updated group policy and verified that it had taken effect – the update still failed. I renamed the dll (SFC immediately put back a fresh copy) then the update succeeded.

    If you’ve gone the ISA route and added VML filters to all your HTTP rules, note that this will prevent Outlook RPC-over-HTTP from working and it will also affect the layout of the default Companyweb home page. This is probably moot now that the patch is out and it is safe to remove the VML filtering. All the problems go away when the filters are removed.

  2. Watch out for Word-edited web pages you might be publishing, too.
    It adds a nice set of propertiy statements in the HTML tag that the filter is designed to block. was not happy until I changed this.

    Basically, it just goes to show that you need to test your applications after adding any blocking mechanism.

Post Navigation