Internet Explorer 6/7/8/9/10/11 Vulnerability

[Stig]

Microsoft have released a Security Advisory for a vulnerability in Internet Explorer that could allow Remote Code execut1on. This affects all Internet Explorer browsers from IE6 upwards:

https://technet.microsoft.com/en-US/...curity/2963983

Having done some research it would appear that the best way to workaround this issue (until a permanent fix is released) is the following:

Unregister VGX.DLL

1. Click Start, click Run, type "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll", and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: Applications that render VML will no longer do so once vgx.dll has been unregistered.
When a security update is available to address this issue, you should re-register vgx.dll after installing the security update. To re-register vgx.dll follow these steps:

1. Click Start, click Run, type "%SystemRoot%\System32\regsvr32.exe" "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll", and then click OK.
2. A dialog box appears to confirm that the registration process has succeeded. Click OK to close the dialog box.

Very few websites use VML so this should have least impact:

Vector Markup Language (VML) is an XML-based language that facilitates the use of vector graphics on the Internet, especially on Web sites. VML was proposed to the World Wide Web Consortium (W3C) as a standard for vector graphics rendering by Microsoft, Autodesk, Macromedia and Visio in 1998 but was never formally accepted. Instead, it evolved, along with another proposed standard, into Scalable Vector Graphics (SVG), which came into widespread use in 2003. Even so, Microsoft implemented VML capability into its Internet Explorer 5.0 browser.

Both VML and SVG describe images in vector format as an application of XML. Vector graphics is the creation of digital images in terms of mathematical statements that place lines and shapes in two-dimensional or three-dimensional space. Any program such as a Web browser that recognizes XML can display this type of image using the information provided in the VML or SVG formats. VML and SVG enable the viewing of an image on a display of any screen size and resolution and allow text within the image to be recognized. This makes it possible for text to be located by a search engine and translated into multiple languages. Compared with a bitmap, a VML or SVG image may be smaller and arrive more quickly over slow Internet connections. Nevertheless, GIF, JPG and PNG images are expected to continue to predominate for use on Web sites.

[tuxpenguin]

Best advice for the fast workaround: Switch to another web browser, such as Mozilla Firefox or Google Chrome. This is one of the recommendations from U.S. and U.K. Computer Emergency Readiness Teams from their national security agencies.

[Stig]

True, but not always viable in large organisations as deployment leads to another web browser to support and can deviate from the "corporate standard" in some cases.

[tuxpenguin]

It is just the best temporary workaround until MS fix the issue. Of course where you can't get rid of IE should be used the other ones.

[liveseytowers]

I'd rather be rolling out chrome with gpo restrictions than rolling out un registering dlls as a temp fix. In this day and age it's probably wise to have two browsers as the standard as seeing as you mange chrome with a gpo chrome it is for us.

Sent from my HTC One using Tapatalk

[Stig]

I see what you are saying, but can Chrome patches and releases be controlled via GPO?

Obviously WSUS can be used for IE.

[liveseytowers]

We allow chrome to auto update but lock it down so no extensions are allowed etc. If you had time it wouldn't be hard to roll out updates I'm sure there is a msi for it. Worth having as a fall back.

Sent from my HTC One using Tapatalk

[Stig]

Cool, may have to check that out then. Thanks.

[tuxpenguin]

What about Opera? Is it that one used in enterpise organizations?

[Goldberg]

You would not believe how much trouble browsers cause!

The product that we sell to corporations has to be tested on every version of every browser. Fortunately we can automate most of it but the biggest problem we face is versions of IE!
Honestly, our product front end is through a browser and IE8 is the biggest ball ache of all time! Not rendering correctly, buttons in the wrong place, overlapping borders etc..

But, telling customers "we do not support IE8" would lose us businesses. Big corporations/bank (our client base) have thin clients all running particular flavours, with tweaks, of a certain browser company wide.

Throw Chrome and Firefox into the mix and it causes us a lot of work.

[liveseytowers]

We have issues were some apps support different versions of IE, others support Chrome, others support Firefox. Its a right pain in the ass. Chrome is really good now with the GPO support but Firefox last time I packaged it up it had all the tweaks in a config file which isn't ideal. Any changes needed and you've to push out a new config. What happened to the days when you only supported IE6 and that was it?