Security Bulletin: Windows XP Exploit

September 25, 2006


There is a newly discovered “zero-day” exploit in Microsoft Windows XP and Internet Explorer that can allow malicious code to be run on your machine just by visiting a web site. (Zero-day refers to the fact that the flaw has been in the software since it was released.) Right now, the exploit has only been seen on web pages, but if you are using Outlook or Outlook Express with the preview pane turned on you are potentially vulnerable to future attacks. Currently, the only fix is to un-register a .dll that allows the exploit to run. This particular .dll handles the rendering of vector graphics, which are not very widespread these days so un-registering it should not cause many problems. This is just a temporary fix until Microsoft patches the problem and then it will be okay to re-register the .dll.

So, here’s what you do. Open a Run box (go to the Start button and click on Run). Paste the following into the Run window:

regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

I will be sure to post when it is okay to re-register this .dll.

For more information: go here, or here.