New unpatched exploit in IE

Question

MS has released a scurity advisory about a critical upatched exploit in IE involving VML, which is currently active on several websites.
http://aumha.net/viewtopic.php?t=21729

Until a patch is released, MS has recommendations involving workarounds (or use another updated browser):
http://www.microsoft.com/technet/security/advisory/925568.mspx

edit: Grinler over at bleepingcomputer has posted a nice tutorial on how to disable VML until a patch is released:

http://www.bleepingcomputer.com/forums/topic66086.html

Message Edited by joe53 on 09-22-2006 06:08 PM

ky331 · Answer

Question (for anyone who can offer a definitive answer):   The articles indicate this exploit can impact the newer operating systems (Win2000, XP, Server 2003).   Does this mean the older operating systems (Win98/ME) are not susceptible to this exploit?... Or are these systems also at risk --- but just that, since Microsoft has terminated support (meaning no patch will be prepared/released for them), they are simply 'not considering' these any more in their advisory?

zbestwun2001 · Answer

ky331 you're OK. ZB1

joe53 · Answer

Good question!   I found this: http://www.frsirt.com/english/advisories/2006/3679

ky331 · Answer

Patch has been released:     Security Update for Windows XP (KB925486)   Get it from windows updates, or here:  http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx

zbestwun2001 · Answer

Thanks ky331

Virus & Spyware

New unpatched exploit in IE

Was this post helpful?