PatchLink releases a workaround for VML exploit to protect customers from zero day threats
As hackers continue to exploit a security vulnerability in Microsoft Internet Explorer, rated as "extremely critical", PatchLink is releasing a PatchLink authored workaround for customers worldwide to protect their networks from VML zero-day threats.
According to PatchLink Vice President of Security Technologies Chris Andrew, the Microsoft IE flaw could be potentially harmful to the IT environment as it can lead to remote execution of a malicious code on a users' system.
Andrew notes: "Zero day vulnerabilities such as the IE flaw are a rising trend in today's security landscape. With the VML exploit now becoming more widespread, PatchLink has taken immediate action to develop and deliver an automated workaround for the zero-day threat for our customers to mitigate risks to their entire IT infrastructure until next Microsoft Patch Tuesday rolls around. This countermeasure helps our customers to automatically deploy one of the Microsoft endorsed solutions for this particular exploit, and can be automatically uninstalled once the official vendor patch becomes available."
PatchLink cautions IT professionals to always implement a best practices approach for distributing patches. A wait-and-see approach leaves a network open to attack and also increases the chance of human error. With some planning in conjunction with automated IT security software solutions for patch management and vulnerability remediation, critical security updates can be easily tested and deployed long before a virulent worm or trojan attacks.
Andrew adds: "As the number of vulnerabilities continue to rise with over 6,700 expected in 2006*, IT administrators can expect to see more third party patches such as the VML patch released by the ZERT group to protect against zero-day outbreaks. However, PatchLink strongly recommends organizations perform a full risk assessment to ensure the patch is fully endorsed and recognized as the appropriate safe and test solution by trusted industry organizations such as PatchLink, SANS or CERT before blindly implementing this temporary patch for the MS IE flaw. IT staff and end users may also be lulled into downloading bogus 'fixes' for the patch and so this is another great reason to make sure anti-virus is kept up to date during this critical period."
For non-PatchLink customers, Andrew recommends using Microsoft endorsed workaround.
- Update your antivirus software, make sure your vendor has protection for it (*).
- Unregister the vulnerable dll:
" regsvr32 /u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
or
"regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
And reboot the machine to make sure all in memory copies are gone as well. - Consider asking your users to stop their usage of MSIE, we know it's hard to break an addiction, but you're using the most targeted browser in the world.
Reproduced from an article published by PatchLink
© PatchLink
The original article can be viewed here:
http://www.patchlink.com/press/press_releases.html?id=137
Permalink Bookmark Digg this story
