In my short time here on Earth I've learned two undisputable truths:
- The best things are unintentional.
- The simplest solution is the best.
Thanks to Symantec, the second truth rings clear today. There has been much public outcry over the recently reported vulnerability in Internet Explorer. The active exploit affects Internet Explorer versions 6-11, and even Homeland Security has issued public statements against using IE until the issue is resolved. Yeah, it's that serious.
For Windows XP users, this is dire news, since Microsoft no longer provides security updates now that the OS reached end of support on April 8, 2014. Windows XP will be vulnerable to this flaw forever. I actually saw a post on an email list today where someone asked, "Will Microsoft be providing security patches for this?" I've not seen any responses yet, meaning most are probably still shaking their heads in amazement.
All along, Microsoft has provided suggested workarounds, including using the Enhanced Mitigation Experience Toolkit (EMET), disabling Flash, and enabling "Enhanced Protected Mode" in IE 10 and above. The longer the hole stays unpatched, the more confusion there is over which method is best.
Symantec has taken a different tack. To help curb the impact of the live exploit, the company has put together a simple solution that merely unregisters a DLL file named VGX.DLL. Symantec says that the file is not required for the majority of users, but once it is unregistered with the system, any application that uses it will fail to function properly.
The bit of code to unregister the system file goes like this:
"%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
Symantec has also provided a batch file that automates the command line. You can download it from Symantec's post, "Zero-Day Internet Explorer Vulnerability Let Loose in the Wild".
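
For anyone rolling this out to more than one machine, here is an added example script (not Symantec's batch file and not from the original post) that wraps the command above, reports whether it succeeded, and can re-register the DLL later. The script name `vgx-toggle.cmd`, the `restore` argument, the `/s` silent switch and the extra `%CommonProgramFiles(x86)%` path for 64-bit Windows are assumptions added here.

```batch
@echo off
rem Added example, not Symantec's batch file. Run from an elevated prompt.
rem   vgx-toggle.cmd           unregister vgx.dll (the mitigation)
rem   vgx-toggle.cmd restore   register it again (to undo the mitigation)
setlocal

rem Default action is the mitigation: regsvr32 -u, as in the command above.
set "FLAG=-u"
set "ACTION=unregister"
if /i "%~1"=="restore" (
    set "FLAG="
    set "ACTION=register"
)

set "FAILED=0"
call :toggle "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
rem Assumption: 64-bit Windows also carries a 32-bit copy under the x86 tree.
if defined CommonProgramFiles(x86) call :toggle "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

rem Non-zero exit code lets a deployment tool flag machines that need attention.
exit /b %FAILED%

:toggle
rem Paths stay quoted inside blocks: "(x86)" would otherwise close the block.
if not exist "%~1" (
    echo [skip] "%~1" not found
    exit /b 0
)
rem /s suppresses the regsvr32 dialog box so the script can run unattended.
"%SystemRoot%\System32\regsvr32.exe" /s %FLAG% "%~1"
if errorlevel 1 (
    echo [FAIL] could not %ACTION% "%~1"
    set "FAILED=1"
) else (
    echo [ok] %ACTION% "%~1"
)
exit /b 0
```

Because unregistering breaks any application that uses the DLL, keep the `restore` path handy for undoing the change.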