Windows VML security update MS06-055 released



A security update for the Windows Vector Markup Language (VML) vulnerability has been released.

The fix is available via Microsoft Update, or can be downloaded via the links included in MS06-055:
http://www.microsoft.com/technet/security/bulletin/ms06-055.mspx

Fix information has been added to the Windows VML Vulnerability FAQ (CVE-2006-4868)
http://blogs.securiteam.com/?p=640

and details will be added shortly.

It appears that the timestamp of the updated Vgx.dll library is 18th September, 2006.

From the Security Update Information / File Information section of the new MS bulletin:

Windows XP Service Pack 2 (all versions) and Windows XP Professional x64
Vgx.dll - 6.0.2900.2997 - 18-Sep-2006 - 14:28 (UTC) - 851,968

It is exactly the same day when Sunbelt reported that they were informed Microsoft security people:
http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html

- Juha-Matti


