waldwolf Posted September 23, 2006 Share Posted September 23, 2006 For information: A new vulnerability in Windows, that is being actively exploited on the web to install malware into innocent users' machines, has been discovered. (Over 1000 websites (porno, warez, etc) have already been identified.) This vulnerability involves buffer overflow in the Vector Markup Language (VML) library file used by Microsoft Internet Explorer and Outlook. A buffer overflow in the Microsoft Vector Graphics Rendering (VML) engine (filename: VGX.DLL) allows remote code execution. Microsoft has acknowledged this problem and expects to have a patch by October 10th. A reputable group known as "ZERT" — Zeroday Emergency Response Team — has produced a GUI and Command Line patch utility which repairs the VML buffer overrun design flaw in Microsoft's VGX.DLL file. Since VML is rarely used on the web, "unregistering" the vulnerable DLL to take it completely out of service is probably the best countermeasure. However, if you choose to unregister the DLL you will need to remember to re-register it later, once Microsoft has released a formal "fix". More Info: http://www.microsoft.com/technet/security/...ory/925568.mspx http://www.grc.com/sn/notes-058.htm http://securityresponse.symantec.com/avcen...tent/20096.html Vulnerability Test and Workaround Patch: http://isotf.org/zert/download.htm waldwolf PS - While the use of other browsers, such as Firefox, offer greater protection, you could still become infected via email if you use Microsoft's Outlook, as Outlook also utilizes the Internet Explorer engine. . Link to comment Share on other sites More sharing options...
Jing-jo Posted September 23, 2006 Share Posted September 23, 2006 For information:A new vulnerability in Windows, that is being actively exploited on the web to install malware into innocent users' machines, has been discovered. (Over 1000 websites (porno, warez, etc) have already been identified.) This vulnerability involves buffer overflow in the Vector Markup Language (VML) library file used by Microsoft Internet Explorer and Outlook. A buffer overflow in the Microsoft Vector Graphics Rendering (VML) engine (filename: VGX.DLL) allows remote code execution. Microsoft has acknowledged this problem and expects to have a patch by October 10th. A reputable group known as "ZERT" — Zeroday Emergency Response Team — has produced a GUI and Command Line patch utility which repairs the VML buffer overrun design flaw in Microsoft's VGX.DLL file. Since VML is rarely used on the web, "unregistering" the vulnerable DLL to take it completely out of service is probably the best countermeasure. However, if you choose to unregister the DLL you will need to remember to re-register it later, once Microsoft has released a formal "fix". More Info: http://www.microsoft.com/technet/security/...ory/925568.mspx http://www.grc.com/sn/notes-058.htm http://securityresponse.symantec.com/avcen...tent/20096.html Vulnerability Test and Workaround Patch: http://isotf.org/zert/download.htm waldwolf PS - While the use of other browsers, such as Firefox, offer greater protection, you could still become infected via email if you use Microsoft's Outlook, as Outlook also utilizes the Internet Explorer engine. . this is yet another reason to use firefox and thunderbird in place of microsh#te version that has more vunerabilities than a drunk and drugged up rich farang in a russian mafia owned whorehouse no offence to russia or girl rental outlets Link to comment Share on other sites More sharing options...
Firefoxx Posted September 24, 2006 Share Posted September 24, 2006 IE has too many known vulnerabilities like this, and they've been around for a *long* time. Tons of websites exploit these weaknesses. As I've said before, if you don't want virii, malware, and spyware on your computer, one of the best preventive measures is to STOP USING IE. Link to comment Share on other sites More sharing options...
Crushdepth Posted September 24, 2006 Share Posted September 24, 2006 I'm amazed that so many people still use IE. It's not just risky, its also CRAP! I just cringe when I use it now. Urgh... Link to comment Share on other sites More sharing options...
waldwolf Posted September 24, 2006 Author Share Posted September 24, 2006 Firefox/Thunderbird users should be aware they are not totally immune from malware attack. Reference: http://www.mozilla.org/security/announce/2...fsa2006-44.html http://www.mozilla.org/security/announce/2...fsa2006-63.html Recently Addressed Threats: http://www.mozilla.org/projects/security/k...es.html#Firefox http://www.mozilla.org/projects/security/k...tml#Thunderbird If you run Firefox/Thunderbird, and you have not already done so, it is strongly recommended you update both Firefox and Thunderbird to version 1.5.0.7 (released September 19, 2006). waldwolf . Link to comment Share on other sites More sharing options...
Firefoxx Posted September 25, 2006 Share Posted September 25, 2006 Firefox and its ilk are not totally immune, but nothing really is. It's just the relative *level* of vulnerability is very different. Tons of websites target IE, while relatively few target other browsers. You could probably get a few hundred virii with IE during a week, but none with Firefox. Link to comment Share on other sites More sharing options...
Michael W Posted September 25, 2006 Share Posted September 25, 2006 I'm amazed that so many people still use IE. It's not just risky, its also CRAP! I just cringe when I use it now. Urgh...I mostly agree. I use Firefox about 99% of the time but there still remains the one percent of Web sites I occasionally visit (typically corporate ones) that still only work properly with IE. However, I would fully apply what you said, and more, to Outlook. Anyone who uses that for e-mail is quite simply a drooling, mouth breathing, ******. Link to comment Share on other sites More sharing options...
astral Posted September 26, 2006 Share Posted September 26, 2006 I'm amazed that so many people still use IE. It's not just risky, its also CRAP! I just cringe when I use it now. Urgh...I mostly agree. I use Firefox about 99% of the time but there still remains the one percent of Web sites I occasionally visit (typically corporate ones) that still only work properly with IE. However, I would fully apply what you said, and more, to Outlook. Anyone who uses that for e-mail is quite simply a drooling, mouth breathing, ******. With Outlook Express I agree, but you must remember that in the business environment there may be no choice except Outlook, if that is what your company specifies. Link to comment Share on other sites More sharing options...
Thaising Posted September 27, 2006 Share Posted September 27, 2006 Microsoft Offers Early Fix for Critical IE Bug Mounting problem forces software giant to release VML patch ahead of its monthly security update IDG News Service Tuesday, September 26, 2006 12:00 PM PDT With attackers finding new ways to exploit a critical flaw in Internet Explorer, Microsoft today released a patch for the problem, ahead of its next scheduled round of security updates. The patch fixes a critical vulnerability in the way Internet Explorer renders VML (Vector Markup Language) graphics. Hackers had been exploiting the flaw, which also link type="internal" src="/article/id,127229/article.html">affects some versions of Outlook, for more than a week, and in recent days malicious activity had been on the upswing. Microsoft Security Bulletin MS06-055 discusses the problem and the patch. The out-of-cycle release is unusual, but not unprecedented. Microsoft generally releases its security updates on the second Tuesday of every month, giving system administrators a predictable way to set aside time to test the new software. Occasionally, the company will release patches ahead of time if a flaw is being widely exploited by attackers. In January, it patched a critical flaw in the Microsoft Windows Metafile (WMF) image-rendering engine after it became a widespread problem. VML 'A Serious Concern' With attack code that works on the latest version of Windows XP now publicly available, the VML bug is shaping up as a very serious concern for administrators, said Ken Dunham, the director of Verisign's iDefense Rapid Response Team. VML attacks have now "dwarfed the WMF activity in the same period of time compared to last year," he said. By today, more than 3,000 Web sites were already infecting users with malware that exploited the VML bug, according to Dunham. One week into the WMF outbreak last January, iDefense saw about 600 sites exploiting the problem. Security experts also warn that there are many variants of the VML malware, some of which may be missed by security software. Researchers at iDefense are now looking at a dozen possible variations of the VML exploit code and have confirmed the existence of seven variants, Dunham said. "With WMF there wasn't nearly as much modification. We see a lot of different permutations and obfuscation techniques being utilize with VML attacks." A group of security researchers released a patch for the VML flaw late last week, independent of Microsoft, but criminals have even found a way to exploit the fix. In the past few days they have been circulating phoney e-mails, claiming to be a patch for the VML problem. If downloaded, this fake patch actually installs malicious software on the victim's system, Dunham said. The increase in attacks put Microsoft on the spot to produce an early fix. Microsoft's next regularly scheduled security updates will be released Oct. 10. Link to comment Share on other sites More sharing options...
.png.3b3332cc2256ad0edbc2fe9404feeef0.png)
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now