Microsoft Security Advisory 925568 - Vulnerability in VML

(imported topic written by tim_tsai)

Microsoft released Security Advisory 925568 on September 19th to inform users of a known vulnerability in the Microsoft Windows implementation of Vector Markup Language (VML). Detailed exploit code has been released publicly that exploits this vulnerability. Microsoft plans to release an update soon to address this issue. More information about the vulnerability can be found in the Security Advisory: http://www.microsoft.com/technet/security/advisory/925568.mspx

Content is available in the “SANS Top Vulnerabilities to Windows Systems” site that allows BES administrators to block known attack vectors by implementing Microsoft’s suggested workarounds through BES:

Task “W03: Windows Libraries – Un-register OLE controls” (ID 3001)

Task “W03: Windows Libraries – Register OLE controls” (ID 3002)

These tasks allow you to un-register and re-register Vgx.dll. Note that un-registering Vgx.dll will cause applications to no longer render VML.

Customers who are not subscribed to the “SANS Top Vulnerabilities to Windows Systems” site can request an evaluation by contacting their BigFix sales representative.

(imported comment written by tim_tsai)

Microsoft has updated the advisory to announce the availability of Security Bulletin MS06-055. Microsoft recommends deploying MS06-055 security updates as soon as possible to address this vulnerability. Fixlet messages are available to deploy the MS06-055 security updates through BES.

Microsoft Security Advisory 925568: http://www.microsoft.com/technet/security/advisory/925568.mspx

Microsoft Security Bulletin MS06-055: http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx