PatchLink releases a workaround For VML exploit

As malicious hackers continue to exploit a security vulnerability in Microsoft Internet Explorer, rated as “extremely critical”, PatchLink is releasing a PatchLink authored workaround for customers worldwide to protect their networks from VML zero-day threats.

According to Alan Bentley MD of PatchLink EMEA, the Microsoft IE flaw could be potentially harmful to the IT environment as it can lead to remote execution of a malicious code on a users’ system. Alan notes: “Zero day vulnerabilities such as the IE flaw are a rising trend in today’s security landscape. With the VML exploit now becoming more widespread, PatchLink has taken immediate action to develop and deliver an automated workaround for the zero-day threat for our customers to mitigate risks to their entire IT infrastructure until next Microsoft Patch Tuesday rolls around. This countermeasure helps our customers to automatically deploy one of the Microsoft endorsed solutions for this particular exploit, and can be automatically uninstalled once the official vendor patch becomes available.”

For non-PatchLink customers, Alan recommends using Microsoft endorsed workaround.

* Update your antivirus software, make sure your vendor has protection for it (*).
* Unregister the vulnerable dll:
* regsvr32 /u “%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll” or regsvr32 /u “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”

And reboot the machine to make sure all in memory copies are gone as well.

* Consider asking your users to stop their usage of MSIE, we know it’s hard to break an addiction, but you’re using the most targeted browser in the world.

Reregistering a DLL (which you might want to do after an official patch is released) is done with the same command as unregistration, but without the “/u”.