VML Exploit Patched

Update on today’s out of band release

Hi everyone, Scott here to tell you about today’s out of band release. Everything should be available at this point.

With this particular vulnerability, the biggest concern we had was around risk. This one affected many different platforms in many scenarios that are considered by customers to be common usage. While the attacks we saw were very limited, our decision to go out of band on this release was really around the risk in combination with the attacks. Through some really top notch effort by all our testing teams, we were able to reach our quality bar far sooner than we originally anticipated. Yesterday we really became confident in our final checklists that we could release it and so we have done so. Please be sure you check out the security bulletin for all the information about this update:

http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

One thing to note, we recommend that you undo any of the previously recommended workarounds involving VGX.DLL before applying this update. Information on how to undo those workarounds is detailed in the bulletin. This is very important because if you do not revoke the VGX.DLL changes, the update could fail to install or deploy.


You can download the patch from the bulletin link.

Just an FYI, IE 7 was not affected by this either.

Mastertech- thanks for the info but it was already posted :smiley:

http://forum.avast.com/index.php?topic=23646.60

Quote from: marc57 on September 26, 2006, 06:29:43 PM
There is now an official patch for this through windows update.
Quote
Security Update for Windows XP (KB925486)
Typical download size: 250 KB , less than 1 minute
A security issue has been identified in the way Vector Markup Language (VML) is handled
that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it.
You can help protect your computer by installing this update from Microsoft. After you install this item,
you may have to restart your computer.

Not everyone checks that post for a patch.

Yes I also downloaded it through regular Windows update:


http://img204.imageshack.us/img204/2135/untitled1kf0.th.jpg

Edit: and yes… it is good to have this in separate thread with clean topic name, so all those who didn’t want to be part of those old threads in any way (not even to read them), or new forum memebers, can easily find this information… even though it’s relatively not “fresh” any more.

Ok- SZC guess you were right and Mastertech also :smiley:
To make sure everyone saw it ::slight_smile:
Have a good one my avast!friends

What happened SZC-no Avatar!? ???

There is little “running” dot avatar…

See it now…So small…Whats its meaning or purpose?
Have a good one my friend :wink:

Nothing special… just like life itself… coming and going… raging river of millions of little events ;D

Thanks for the helpful post, Mastertech.