Portal Home |  IS News Menu |  Portal Menu |  ISB Menu |  Main Content
Microsoft Issues Critical VML Patch Out of Synch
27 Sep 11:49

A patch fixing a recently exploited vulnerability in the company's implementation of the Vector Markup Language, which could lead to complete system compromise, has been issued between normal updates. It should be applied immediately.

The vulnerability is a buffer overrun flaw, CVE-2006-4868, which is connected to Internet Explorer, versions before 7.0. It allows an attacker to execute arbitrary code on a computer opening a malicious message or browsing a malicious web page. Exploits are in the wild.

The patch replaces vgx.dll. Thus, if you have used the workaround recommended by Microsoft to mitigate this vulnerability, namely deregistering vgx.dll, you will need to re-register the library by running the command

"SystemRootSystem32regsvr32.exe" "CommonProgramFilesMicrosoft SharedVGXvgx.dll"

(System --> run, etc).

Others have recommended other workarounds, and these as well will have to be reset manually.

It is recommended system administrators read MS-06-55 (link below).

Related links: (Open in a new window.)
External link www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

View Printable View printable version (opens in new window)
Back Back