Tech Watch | InfoWorld Staff » Internet Storm Center at "Code Yellow"

September 22, 2006 | Comments: (0)

Internet Storm Center at "Code Yellow"

TAGS: Security

The SANS Internet Storm Center has downgraded its Internet security rating from "Green" to Yellow this afternoon, amid reports of rampant exploitation of the VML (Vector Markup Language). Web-based attacks using the new exploit were first reported by antispyware vendor Sunbelt Software on Monday.

Since then, the attack -- which was at first thought to affect only the Internet Explorer Web browser, has been found to also be able to exploit some versions of Microsoft's Outlook email client, which have been used in phishing email attacks.

SANS writes that attacks using the VML exploit, and raised its threatcon to Yellow today so that readers would "consider fixes."

"The exploit is widely known, easy to recreate, and used in more and more mainstream websites. The risk of getting hit is increasing significantly."

What fixes you say? Funny you should ask. First off, a new and unofficial patch for the VML hole is circulating from a group of respected security researchers that calls itself ZERT, for Zero Day Emergency Response Team.

Microsoft has issued an advisory on the VML issue here.

For those disinclined to apply the unofficial patch, SANS recommends
Outlook (including outlook 2003) is - as expected - also vulnerable and the email vector is being reported as exploited in the wild as well.

-Updating your antivirus software, make sure your vendor has protection for it.

-Unregistering the following vulnerable dll:

regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"
or
regsvr32 /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

-Stop using IE.

Good luck!

Posted by Paul Roberts on September 22, 2006 10:13 AM

RATE THIS ARTICLE: