# CRITICAL: Workaround for Vgx.dll vulnerability until the patch is issued



## Zazula (Apr 27, 2006)

*Vulnerability in Vector Markup Language Could Allow Remote Code Execution*

Microsoft Security Advisory (925568)



> Microsoft has confirmed new public reports of a vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML) Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system. *Microsoft is aware that this vulnerability is being actively exploited.*
> 
> A security update to address this vulnerability is now being finalized through testing to ensure quality and application compatibility *Microsoft’s goal is to release the update on Tuesday, October 10, 2006*, or sooner depending on customer needs.


Please read a.s.a.p. the advisory linked above. Workarounds (you'll find analytical instructions there) include:
1. Un-register Vgx.dll
2. Modify the Access Control List on Vgx.dll to be more restrictive
3. Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone
4. Read e-mail messages in plain text format to help protect yourself from the HTML e-mail attack vector
5. Block VML Vulnerability Traffic with ISA Server (if available)


----------



## Cellus (Aug 31, 2006)

Microsoft has updated this security advisory twice since it was released, so keep an eye out for any additional updates as time progresses.

As a shameless plug, it is also a good idea if you are interested in receiving security bulletins via e-mail, instant message, RSS, or on your mobile to sign up on the Microsoft TechNet website (it's free).

Microsoft Technical Security Notifications


----------



## Cellus (Aug 31, 2006)

*UPDATE:*

Microsoft has released an official patch to fix this vulnerability, available on Windows Update. It is _highly_ recommended you run Windows Update and install this patch on your system.

If you used the workaround to unregister vgx.dll, please _re-register_ it as the official patch does not do it for you if you unregistered it. Type the following command in your Run window to re-register. If you did not use the workaround by unregistering vgx.dll, please ignore this:

regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"


----------

