New Computer Threat--NO PATCH YET.

[Ross]

I just got the heads up about a new computer threat and think since the way this is spreading, I should tell you people about it. The zero day exploit or VML exploit. Until there is a patch for this thing, please consider disabling your browsers rendering .dll which also affects Outlook Express email.

To disable the .dll, go to start/run and copy and paste this line into the command line, then hit enter:

regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll

Test your browser at this link:

http://www.isotf.org/zert/testvml.htm

To reenable the .dll copy and paste this line into the start/run command line and press enter:

regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll

About the exploit:

http://www.counterpane.com/exploit-MSIE_Zero-Day_VML.html

 

[Dennis S]

Browser

Browser

Did I read this correctly to say if your browser is not Internet Explorer 5 or higher there is no exposure?

 

[Ross]

Versions Affected
Microsoft Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows XP Service Pack 1
Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 Service Pack 1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 SE
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows Millennium Edition

If it's not Internet Explorer, you shouldn't be affected, but I don't know if they've tested other browsers as well.

 

[Ross]

Just tried it with Firefox and got this:

VML test case, CVE-2006-4868

This is a test page to determine whether your browser is vulnerable to the VML vulnerability specified in CVE-2006-4868.

Since your browser is not Internet Explorer 5 or higher it does not support the vulnerable VML module, and you are therefor not vulnerable.

If you would like to know more about the Zeroday Emergency Response Team, please visit http://isotf.org/zert/

 

[Ross]

Hey campers, the patch is now availble from microsoft. Get it now. If you've disabled your .dll or patched with an unknown patch, reenable the .dll or remove the patch, then apply microsofts updated patch.

http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx