Protect Yourself From An Unpatched Security Hole in Internet Explorer
The Flaw
Late last week, a new security flaw was discovered in Microsoft’s Internet Explorer Web browser. The flaw, which is already being exploited, can allow a Web site to install malicious software on your computer.
The security flaw affects Internet Explorer version 5 or greater on all Windows operating systems. While Microsoft is working on a patch, it may not be released until October 10th as part of Microsoft’s monthly patching cycle. The good news? There’s a quick and easy fix you can perform to protect yourself.
The Fix
The vulnerability lies in the Windows implementation of Vector Markup Language, or VML. This component can be used for rendering vector graphics on a Web page. However, since very few Web sites use this technology for legitimate purposes, you can safely disable it and thus protect yourself from any security risks.
To do so, first copy the following line by highlighting it and pressing Ctrl+C on your keyboard…
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
Then click on the Start menu, and choose Run. In the dialog box that appears, press Ctrl+V on your keyboard and click OK to execute the command. Afterwards, you should see a dialog box confirming that the process succeeded.
Once Microsoft releases a patch for this flaw, you can re-enable VML by performing the same steps with the following command:
regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
Remember that even if you do not use Internet Explorer for Web browsing, you still may be affected through email if you use software such as Outlook or Outlook Express.
UPDATE: Microsoft has now released a patch for this problem ahead of schedule. Please visit Windows Update to install the patch. If you previously disabled VML use the instructions above, you may now run the command to re-enable it.