Microsoft releases unscheduled VML patch
Microsoft's Windows Update service is currently distributing a patch intended to disarm the flaw in the Windows implementation of the Vector Markup Language (VML). The hole has been repeatedly exploited in recent days to install key loggers and backdoors using rigged websites.
The announced description is not available as of the time of writing. But on Windows XP systems, the patch replaces the affected vgx.dll library with a new version that is not vulnerable to the known exploits. Users who applied Microsoft's recommended workaround can therefore reactivate the library vgx.dll by executing the command
regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
For Windows 2000, Microsoft is providing a reworked version of the kernel update from MS06-049 that is supposed to have eliminated problems in the compression of NTFS. Patches for the critical holes in Office and daxctle.ocx in IE remain outstanding.
(ju)