Yellow
The VML exploit is now becoming more widespread, so we changed the InfoCon level to yellow to emphasize the need to consider fixes.
If you have not taken measures yet, please consider some emergency fixes to cover the weekend (especially for those laptops surfing the web from home; they might be at high risk). The exploit is widely known, easy to recreate, and used in more and more mainstream websites. The risk of getting hit is increasing significantly.
Outlook (including Outlook 2003) is - as expected - also vulnerable, and the email vector is being reported as exploited in the wild as well.
Weekends are, moreover, a popular time for the bad guys to build their botnets.
Actions
We suggest the following actions (do them all: a layered approach will work when one of the measures fails):
regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
Quotes
Ken Dunham from iDefense claims they have seen a significant increase in attacks over the last 24 hours and "[at] least one domain hosts provider has suffered a large-scale attack leading to index file modifications on over 500 domains". Those domains pointed visitors to a VML exploit. We're happy to note they join us in recommending "implementing a workaround ASAP" and see the upcoming weekend as a factor in it.
Swa Frantzen -- Section66
Sep 22nd 2006