Hi everyone, Scott here to tell you about today’s out of band release. Everything should be available at this point.
With this particular vulnerability, the biggest concern we had was around risk. This one affected many different platforms in many scenarios that are considered by customers to be common usage. While the attacks we saw were very limited, our decision to go out of band on this release was really around the risk in combination with the attacks. Through some really top notch effort by all our testing teams, we were able to reach our quality bar far sooner than we originally anticipated. Yesterday we really became confident in our final checklists that we could release it and so we have done so. Please be sure you check out the security bulletin for all the information about this update:
One thing to note, we recommend that you undo any of the previously recommended workarounds involving VGX.DLL before applying this update. Information on how to undo those workarounds is detailed in the bulletin. This is very important because if you do not revoke the VGX.DLL changes, the update could fail to install or deploy.
Quote from: marc57 on September 26, 2006, 06:29:43 PM
There is now an official patch for this through windows update.
Quote
Security Update for Windows XP (KB925486)
Typical download size: 250 KB , less than 1 minute
A security issue has been identified in the way Vector Markup Language (VML) is handled
that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it.
You can help protect your computer by installing this update from Microsoft. After you install this item,
you may have to restart your computer.
Edit: and yes… it is good to have this in separate thread with clean topic name, so all those who didn’t want to be part of those old threads in any way (not even to read them), or new forum memebers, can easily find this information… even though it’s relatively not “fresh” any more.