|
| VML vulnerability patched |
 |
Tue, 26 Sep 2006 22:21:02 +000 |
For those of you not using IE7...
A patch for the high profile VML Vulnerability has been released by Micrososoft.
It resolves not only the public vulnerability but also additional issues
discovered through internal investigations. It is available via Windows Update,
Microsoft Update, Autoupdate and WSUS.
It only applies to IE5 and IE6 machines. IE7 is immune to this (and most other)
vulnerabilities.
Security Bulletin here:
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx
Microsoft Security Response blog:
http://blogs.technet.com/msrc/archive/2006/09/26/459194.aspx
Important notes:
If the workaround “Modify the Access Control List on Vgx.dll to be more
restrictive” has been applied to systems, the security updates provided may
not install correctly. See the Workarounds for VML Buffer Overrun Vulnerability
– CVE-2006-4868 section in this security bulletin for instructions on how to
revert this workaround before applying this security update.
You may also wish to review Jesper's comments about reversing mitigations that
may have been applied to your system:
http://msinfluentials.com/blogs/jesper/archive/2006/09/26/VML-Patch-Is-Out-_2D00
_-Unapply-The-Mitigations.aspx
|
| Post Reply
|
| Re: VML vulnerability patched |
 |
Thu, 28 Sep 2006 12:03:17 +000 |
Hi Sandi,
Thanks!
In addition: it seems the update doesn't even show up in Windows Update on
systems where IE7 is installed.
CU
Hans
|
| Post Reply
|
|
|
|
|
|
|
|
|
|