As if Heartbleed Wasn’t Enough, Here is Another Emergency:


Please forward this to your IT Techs immediately. As with Heartbleed, this is a vulnerability that attackers are already using against you and nobody knew until right now. These are called “zero-day attacks.”

This blog is aimed at non-technical executives and owners; this “technical” release is written so that you can forward it to your IT Pros. Forward it to everyone you care about “not getting hacked,” because you and they may already be.

The good news is – you can “turn off the vulnerability” like a light switch.

Credit for this alert goes to our resident Citrix and VMware “Virtualization Guru.” He explains:

A security flaw has been found in all versions of Internet Explorer and this flaw has already been exploited by cyber criminals. At this time, no patch has been provided by Microsoft.

This excerpt from the Microsoft article explaining the exploit provides the pertinent facts:

“…The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website…”

Customers should protect their own Windows computers from this flaw by following these steps:

  • Open a Command Prompt window (hold the Windows key on your keyboard and type “r”, then type CMD in the “Open:” box).

  • In the Command Prompt window that opens up, type the following (it’s probably easiest to copy and paste from this blog): regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

As mentioned before, Microsoft has not yet made public a patch to fix the bug. When a patch is made available, install the patch and then reverse the above command from a Command Prompt run as administrator, re-registering the vgx.dll file: regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
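For IT Pros who have to apply and later reverse the workaround above on more than one machine, the two regsvr32 commands can be wrapped in a script. This is an added example, not part of the original post or of Microsoft's guidance; it assumes an elevated, native PowerShell session, also handles the 32-bit copy of vgx.dll on 64-bit Windows, and the -Undo switch is a name chosen for this example.

```powershell
# Added example: apply (default) or reverse (-Undo) the vgx.dll workaround.
# -Undo is a hypothetical switch name; use it only after the patch is installed.
param([switch]$Undo)

# regsvr32 changes machine-wide COM registration, so require an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Error 'Run this from an elevated (administrator) PowerShell prompt.'
    exit 1
}

# Candidate locations: the native copy, plus the 32-bit copy on 64-bit Windows,
# which is the one 32-bit Internet Explorer processes use.
# Assumes native PowerShell (64-bit on 64-bit Windows).
$roots = @($env:CommonProgramFiles, ${env:CommonProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$failed = 0
foreach ($root in $roots) {
    $dll = Join-Path $root 'Microsoft Shared\VGX\vgx.dll'
    if (-not (Test-Path -LiteralPath $dll)) {
        Write-Output "skip   $dll (not present)"
        continue
    }

    # /s suppresses dialog boxes; /u unregisters. Without /u the DLL is registered again.
    $regArgs = @('/s')
    if (-not $Undo) { $regArgs += '/u' }
    $regArgs += "`"$dll`""   # straight quotes keep the path with spaces as one argument

    $proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList $regArgs -Wait -PassThru
    if ($proc.ExitCode -eq 0) {
        Write-Output "ok     $dll"
    } else {
        Write-Output "FAILED $dll (regsvr32 exit code $($proc.ExitCode))"
        $failed++
    }
}

# A non-zero exit code tells a deployment tool how many registrations failed.
exit $failed
```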

Please post your comments below….


11 Responses to “As if Heartbleed Wasn’t Enough, Here is Another Emergency:”

  1. Mike Foster says:

    And, before you beat me to it, yes – Firefox, Chrome, and Safari aren’t susceptible to the same vulnerability. So, should you switch? Why not – I use all four. But does switching guarantee security? No way. Just Google “Firefox breach.” Use whichever one your IT Pros want you to use since they will be most familiar with supporting their favorite. Some people will argue that Microsoft detects bugs faster than some other organizations. Personally, I just disable Flash and know it makes me more secure. Be sure to see this article as well: https://www.fosterinstitute.com/blog/is-your-guardian-angel-tranquilized/

  2. Bernie Perry says:

    Hi Mike,

    As always thanks for the tip. Just a comment though. I first thought you meant we should press Return when “CMD” showed up and then enter the code you provide in the window that opens. As you no doubt know that doesn’t work. I finally concluded that you probably meant we should replace “CMD” with what you provided. When I did that I got a message saying whatever I did succeeded.

    One question – after we do this is it okay to use IE?

    Bernie

  3. Bernie Perry says:

    Hi Mike,

    I just read this morning that another fix is to disable Flash in IE. Do you agree that is a viable temporary fix?

    Thanks … Bernie

  4. Mike Foster says:

    Yes, you can then use IE. That temporary patch will alleviate the danger from this particular vulnerability.

  5. Mike Foster says:

    Yes, it is reported that disabling Flash is a viable work-around. Most people wouldn’t disable Flash for fear of content they will miss when visiting sites. Personally, I don’t use Flash at all (on purpose) to help avoid dangers just like this one. Additionally, you can use settings in IE that will allow Flash on some of your trusted sites and disable Flash on others as you read in: https://www.fosterinstitute.com/blog/is-your-guardian-angel-tranquilized/

  6. Mike Foster says:

    Here is a great question Chuck, an executive, asked: “What does that fix accomplish? What does it do to my system?”

    What the fix does is to temporarily disable the ability to display code called VML, “Vector Markup Language.” Technical answer I know – but you asked 😉

    The attack you are preventing takes advantage of a “security hole” in the VML code. Thus, by disabling the ability to process VML, the security hole goes away.

    You shouldn’t notice any negative effects, and if you do, you can always re-enable VML as described above: reverse the above command, running cmd admin, by re-registering the vgx.dll file: regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

    That’s normally the kind of thing an IT Pro would do for you and for an organization. Executives needn’t get involved at such a technical level in most cases.

  7. Aron Eisold says:

    Mike,

    We decided to move forward with the installation of the Microsoft Enhanced Mitigation Experience Toolkit or EMET version 4.1 within our organization to help mitigate this vulnerability. This may help us further long-term with any other potential zero-day attacks.

    -Aron

  8. Mike Foster says:

    Hooray Aron! EMET is a wonderful tool that I suggest everyone install. I’ll be publishing a newsletter / blog entry about EMET soon. Thank you for sharing such encouraging news! You are helping make the world a more safe place to work and live.

  9. Mike Foster says:

    Jack, an executive just sent:

    A colleague forwarded the information in your “As If Heartbleed Wasn’t Enough . . .” blog, which I passed along to my web geeks. They wrote back:

    There is a new IE security flaw:
    http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland-security-clandestine-fox/8409857/

    Even Homeland security advises not to use IE.

    I would NOT recommend that you execute the given code in the e-mail you got. But the e-mail seems informational about the flaw.

    Yes, the article your web guys refer to, http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland-security-clandestine-fox/8409857/ starts out saying, “The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is found”

    I interpret what your team is saying as: “Don’t use IE. Then there is no reason to patch IE since you won’t use it anyway.” Right on!

    Some people need to use IE, so they are the ones who need to apply the fix. Eventually (soon we hope) Microsoft will release a patch that will make the fix so much easier and, in some cases, automatic for everyone 🙂

  10. Mike Foster says:

    To avoid inundating our subscribers with email messages, we aren’t sending out a post about the big problem with Adobe Flash for which Adobe’s already released a patch: http://helpx.adobe.com/security/products/flash-player/apsb14-13.html

    Hopefully all the IT Pros at companies whose executives subscribe to our newsletter have applied the patch already. Now is a good time to remind all the executives you know to remind their IT Pros just in case…

  11. Mike Foster says:

    ATTENTION: Microsoft has released a patch! And the patch will even work on Windows XP (Microsoft said they weren’t going to support XP any longer).

    First, please notify your IT Professionals immediately (just in case – they may already know).

    Second, forward this to all the people you know who you care about.

    For your own personal machines, the patch will eventually show up as long as your “automatic update” feature is enabled. If you want the patch sooner, then GO HERE: windowsupdate.microsoft.com

    And if you want to be sure you’ve automatic updates, Microsoft tells you how: https://support.microsoft.com/kb/294871
