On 18th September, security researchers at Sunbelt Software discovered a critical problem in Microsoft’s implementation of VML (Vector Markup Language) that was already being exploited by malicious web sites. Microsoft has confirmed the vulnerability.
Interestingly, this may not have been a true zero-day exploit. When Sunbelt started discussing the exploit, other researchers confirmed that this was the first they had heard of it. However, it later became apparent that ISS had been aware of it for some time and had been working with Microsoft on a fix. This adds more fuel to the full disclosure debate: by keeping the exploit secret, ISS and Microsoft denied potential victims the opportunity to take mitigating steps; or perhaps their actions reduced, for a while, the number of bad guys that were using the exploit?
Early advice was to mitigate the threat by unregistering the VML dll:
Click Start, click Run, type
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
and then click OK.
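The following PowerShell script is an added example, not part of the original post: it checks whether vgx.dll is still registered as a COM server, applies the unregistration workaround described above, and reverts it once the vendor patch is installed. It assumes vgx.dll lives at the path given in the regsvr32 command and that it is run from an elevated prompt.

```powershell
# Added example (not from the original post). Assumes vgx.dll is at the path
# used in the post's regsvr32 command and that this runs elevated.
$VgxPath = Join-Path $env:CommonProgramFiles 'Microsoft Shared\VGX\vgx.dll'

# COM registrations live under HKCR\CLSID; on 64-bit Windows, 32-bit servers
# such as vgx.dll are registered under WOW6432Node instead.
$ClsidRoots = @(
    'Registry::HKEY_CLASSES_ROOT\CLSID',
    'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
)

function Get-VgxRegistration {
    # Find every CLSID whose InprocServer32 points at vgx.dll. No GUID is
    # hard-coded; matching on the server path is enough for this check.
    foreach ($root in $ClsidRoots) {
        Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
            $srv = Get-ItemProperty -Path "$($_.PSPath)\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv -and $srv.'(default)' -match 'vgx\.dll$') {
                [pscustomobject]@{ CLSID = $_.PSChildName; Server = $srv.'(default)' }
            }
        }
    }
}

function Test-VgxMitigated {
    # True when no COM class resolves to vgx.dll, i.e. the workaround is in effect.
    -not (Get-VgxRegistration)
}

function Disable-Vgx {
    # Apply the workaround: unregister the VML renderer (/u = unregister, /s = silent).
    if (-not (Test-Path $VgxPath)) { throw "vgx.dll not found at $VgxPath" }
    & regsvr32.exe /u /s $VgxPath
    if ($LASTEXITCODE -ne 0) { throw "regsvr32 /u failed with exit code $LASTEXITCODE" }
}

function Enable-Vgx {
    # Revert the workaround after the patch is installed so VML content renders again.
    & regsvr32.exe /s $VgxPath
    if ($LASTEXITCODE -ne 0) { throw "regsvr32 failed with exit code $LASTEXITCODE" }
}

# Usage:
#   Get-VgxRegistration            # list CLSIDs currently served by vgx.dll
#   Disable-Vgx; Test-VgxMitigated # expect True once unregistered
#   Enable-Vgx;  Test-VgxMitigated # expect False after re-registering
```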
Microsoft released a patch on 27th September.