Microsoft clarifies workarounds for IE zero day
Microsoft has updated their advisory for the recently-revealed zero day vulnerability in Internet Explorer to clarify workarounds.
The vulnerability, disclosed over the weekend, affects all versions of Internet Explorer, but the attacks observed in the wild affect only versions 9, 10 and 11. The vulnerability uses Adobe Flash as a vector.
One workaround is to use Enhanced Protected Mode, a feature of Internet Explorer 10 and 11 on 64-bit systems. The first version of the advisory was in accurate as to the versions of IE for which the workaround was available.
The advisory now says that enabling it "...will help protect users of Internet Explorer 10 on Windows 7 for x64-based systems, Windows 8 for x64-based systems, and Windows RT, and Internet Explorer 11 on Windows 7 for x64-based systems, Windows 8.1 for x64-based systems, and Windows RT 8.1." EPM is enabled by default for the Modern UI (Metro) versions of IE, but not for the desktop versions.
Another workaround in the first advisory was to change the Access Control List (ACL) for one IE program file, VGX.DLL, the file description of which is "Vector Graphics Rendering (VML)."
The advisory now says to unregister the DLL with command lines included in the text of the advisory. This is just as effective as the ACL method, but easier to execute and undo. The advisory also provides advice for reversing the ACL method.