Thursday, September 28, 2006

Protect yourself from the latest zero day IE exploit

There's a zero day Internet Explorer 6 exploit out in the wild right now that can do some nasty things to a fully patched XP machine using IE6. It can also affects Firefox users and any other application that uses the IE browser control (like Outlook). There's a vulnerability in the VGX.dll, a vector drawing plug-in, that allows a website to launch a program of its choosing without informing the user. It could very well trash your machine, but likely we'’re talking about spyware and keyloggers. Eric Sites, VP of R&D at Sunbelt Software had this to say (in episode 58 of the Security Now podcast):
The first site we came across with this, in the morning it was only downloading one program, an adware called Virtumondo, which displays advertisements. By the late afternoon it was downloading 50 other pieces of malware, which included keyloggers, tons of adware, all kinds of stuff.
This is a "zero day" exploit, which means that it is out on the 'nets and there is no patch available from Microsoft. Unless something changes, it looks like MS won't be fixing this until mid-October. The best way to mitigate this is to unregister the DLL that has this bug. Sunbelt's blog has instructions on how to do this.

Doing this will disable VML (vector markup language) in your browser. Currently, this isn't widely used, but you may find that some ad banners'’ll break (sadly).

Update: Microsoft has released a patch, but it doesn't look like it has hit Windows Update yet. Find it here: Microsoft Security Bulletin MS06-055

Link (via Security Now)

Labels: , ,


Anonymous Anonymous said...

Zero day?

Thu Sep 28, 11:36:00 AM PDT  
Blogger brad77 said...

Yeah. Zero day.

Thu Sep 28, 01:17:00 PM PDT  

Post a Comment

<< Home