Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Patch released for high profile VML vulnerability

September 26th 2006 in Uncategorized

A patch for the high profile VML Vulnerability has been released by Micrososoft. It resolves not only the public vulnerability but also additional issues discovered through internal investigations.  It is available via Windows Update, Microsoft Update, Autoupdate and WSUS.

It only applies to IE5 and IE6 machines.  IE7 is immune to this (and most other) vulnerabilities.

Security Bulletin here:

Microsoft Security Response blog:

Important notes:

If the workaround “Modify the Access Control List on Vgx.dll to be more restrictive” has been applied to systems, the security updates provided may not install correctly. See the Workarounds for VML Buffer Overrun Vulnerability – CVE-2006-4868 section in this security bulletin for instructions on how to revert this workaround before applying this security update.

You may also wish to review Jesper's comments about reversing mitigations that may have been applied to your system:

One comment to...
“Patch released for high profile VML vulnerability”


Hello Tagshare – tell Wayne he owes me a Chivas [D]"What is the best antispyware application?" is an oft asked question.  Unfortunately, gentle reader, the answer is one that you may not like.In short, there is no magical prophylactic out there that will protect your computer from all spyware, or from the inevitable results of "unsafe […]

Previous Entry

Seen on the Microsoft Switzerland Security Blog:http://news.bbc.co.uk/1/hi/technology/5371078.stm"Analysis of the net addresses where the e-mail messages originated showed that more than 100,000 hijacked home computers [my emphasis] spread across 119 nations had been used to despatch the junk mail."Do you have a home computer? A broadband connection? Then the spammers want your machine, and if you give […]

Next Entry