(imported topic written by tim_tsai)
Microsoft released Security Advisory 925568 on September 19th to inform users of a known vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML). Detailed exploit code has been released publicly that exploits this vulnerability. Microsoft plans to release an update soon to address this issue. More information about the vulnerability can be found in the Security Advisory: http://www.microsoft.com/technet/security/advisory/925568.mspx
Content is available in the “SANS Top Vulnerabilities to Windows Systems” site that allows BES administrators to block known attack vectors by implementing Microsoft’s suggested workarounds through BES:
Task “W03: Windows Libraries – Un-register OLE controls” (ID 3001)
Task “W03: Windows Libraries – Register OLE controls” (ID 3002)
These tasks allow you to un-register and re-register Vgx.dll. Note that un-registering Vgx.dll will cause applications to no longer render VML.
Customers who are not subscribed to the “SANS Top Vulnerabilities to Windows Systems” site can request an evaluation by contacting their BigFix sales representative.