My Emergency Windows Update Plan
What scares you more? A flaw in Windows that could allow an attacker to compromise your computer or a solution downloaded to your computer which Microsoft has had less a week to figure out and test. Believe it or not, the 2nd choice scares me more.
Here’s what Microsoft says today at update.microsoft.com:
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
According to our friends at Sunbelt this new zero-day exploit was initially found on porn sites last week and has now migrated to Yahoo greeting cards. Along with other great information, Alex Eckelberry offered my favorite suggestion; Disable VML. “Not having VML support is not a big deal as not many websites use it.”
Click on the Start menu and select Run…
To Disable VML copy and paste the following.
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”
To ReEnable use the following command…
regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”
So here’s my plan.
I have already run the VML Disable command on all my systems. (Thanks Alex) I’m going to stay clear of Russian porn sites and won’t be tempted to click on any Greeting cards. This won’t be hard for me since I don’t typically visit porn sites or trust greeting cards anyway.
Luckily, I also have my systems setup so they don’t automatically download and install Windows updates. I’m not going install todays patch from Microsoft because a week long development cycle just scares me more. I’m going to wait 10–14 days until I’m sure no new bugs are introduced. At that time, I will Re-Enable VML and install the Microsoft update. Sound Good?