MS IE 6 remote administrative exploit warning

[Kelvyn]

A remote exploit with IE6 that can allow an attacker to gain administrative access to any Windows workstation, server or desktop running any version of IE6 has been reported. There is currently no patch or hot-fix available from Microsoft to address this issue. Exploit code has been published on news groups and security web sites with ample details on how to take advantage of this exploit through nothing more than a victim “viewing” a web page – one need not even click in the web page, just simply open it and you are exploited.

See this MS report & response with an expected release of a fix on 10th October.

Symptoms of exploitation involve multiple program crashes and in the error details from the crash report windows generates, you will see the file “vgx.dll”. If you have experienced this issue in the last 7 days then it is possible you have been exploited. The only way to correct the matter is to completely reinstall windows, this should be done as soon as possible so that an attacker has no chance to modify local files or backups.

This exploit affects a component of IE6 called VML, it is not an important feature in IE in terms of general web surfing and conducting business online. It is recommended to disable VML support on PCs as soon as possible. The list of mitigating factors in the above URL will assist with identifying what system setups may be exploitable however if you don’t know what VML is or have no use for it, disable it till such time a patch is released.

Disable VML
Start > run
regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll

Enable VML
Start> run
regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll