BleepingComputer.com: Question About The Vml Exploit

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

2 Pages
1
2
→

You cannot start a new topic
You cannot reply to this topic

Question About The Vml Exploit

#1 killmypc

Forum Regular

Group: Members
Posts: 221
Joined: 20-May 06
Gender:Male
Location:Texas

Posted 22 September 2006 - 06:58 AM

Great Post by Grinler :thumbsup:

Very Valuable Info!!

I have already unregistered the dll, but I am confused about how I will really know it's time to register it again. :flowers:

Will the patch from M$ be included in there Updates? (I assume it would). With Auto Updates on, I don't believe I will even know when its here. If the patch is applied before the dll is registered again, will the patch be a success?. Sorry if this is a stupid question, but I would like to make sure that this is resolved when M$ releases this.

I personally use Firefox now, but everyone else in the house uses IE.

Thanks ya'll

XP Pro/SP3, P4/2.80, DDR2/4G -- Firefox / Thunderbird
AVG8 Free, Sygate Firewall, SpywareBlaster, Comodo BOClean, MBAM, Asquared, RegCleaner, Everest Home.

#2 Grinler

Bleep Bleep!

Group: Admin
Posts: 36,175
Joined: 24-January 04
Gender:Male
Location:USA

Posted 22 September 2006 - 07:38 AM

The best scenario would be to register it before the October 10th update. Once the update is released that handles this exploit I will update the announcement so everyone knows. The reality is that the update will probably just replace the file so not having it registered before the update is released should not cause a problem.

Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#3 killmypc

Forum Regular

Group: Members
Posts: 221
Joined: 20-May 06
Gender:Male
Location:Texas

Posted 22 September 2006 - 08:05 AM

Sounds good, thank you

XP Pro/SP3, P4/2.80, DDR2/4G -- Firefox / Thunderbird
AVG8 Free, Sygate Firewall, SpywareBlaster, Comodo BOClean, MBAM, Asquared, RegCleaner, Everest Home.

#4 killmypc

Forum Regular

Group: Members
Posts: 221
Joined: 20-May 06
Gender:Male
Location:Texas

Posted 26 September 2006 - 10:06 PM

Just to be Annoying... :thumbsup:

Is the patch for this KB925486 ? Just want to MAKE SURE I have it.!!

Thanks

Nevermind....Sorry :flowers:

Just found this...
Security Update for Windows XP (KB925486)
A security issue has been identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can help protect your computer by installing this update from Microsoft.

:trumpet:

This post has been edited by killmypc: 27 September 2006 - 06:23 AM

XP Pro/SP3, P4/2.80, DDR2/4G -- Firefox / Thunderbird
AVG8 Free, Sygate Firewall, SpywareBlaster, Comodo BOClean, MBAM, Asquared, RegCleaner, Everest Home.

#5 tos226

BleepIN--BleepOUT

Group: Members
Posts: 1,412
Joined: 21-October 04
Gender:Female
Location:LocalHost

Posted 26 September 2006 - 10:09 PM

This evening when I booted up, Iwas greeted by the patch.
It is KB925486. Got installed with no trouble, though the download took more time than 10 patches normally take.

#6 Grinler

Bleep Bleep!

Group: Admin
Posts: 36,175
Joined: 24-January 04
Gender:Male
Location:USA

Posted 27 September 2006 - 07:34 AM

Yup..everyone should install it though.

#7 Dennis H

Distinguished Member

Group: Members
Posts: 745
Joined: 04-May 05

Posted 27 September 2006 - 09:35 AM

Howdy,
I recieved the patch via automatic updates. Could someone please post how to re-install VML ?

I could have sworn I saw instructions in one of the forums a couple of days ago, but I can not find the information now.

Thanks for your time.

Dennis :thumbsup:

#8 killmypc

Forum Regular

Group: Members
Posts: 221
Joined: 20-May 06
Gender:Male
Location:Texas

Posted 27 September 2006 - 09:40 AM

I believe what you are looking for is here...Here

But I believe the patch will do that for you... :thumbsup:

XP Pro/SP3, P4/2.80, DDR2/4G -- Firefox / Thunderbird
AVG8 Free, Sygate Firewall, SpywareBlaster, Comodo BOClean, MBAM, Asquared, RegCleaner, Everest Home.

#9 Dennis H

Distinguished Member

Group: Members
Posts: 745
Joined: 04-May 05

Posted 27 September 2006 - 09:42 AM

Thanks for the reply. So I may have it and not know it ?

Any idea on how I can check to see if it's installed ?

Thanks,
Dennis :thumbsup:

#10 killmypc

Forum Regular

Group: Members
Posts: 221
Joined: 20-May 06
Gender:Male
Location:Texas

Posted 27 September 2006 - 09:49 AM

If you followed the instructions in this post before, all you did is unregister it(not delete it)...simply reregister it to be sure :thumbsup:

(edit) That didn't sound sarcastic did it? :flowers:

wasn't intented that way... :trumpet:

This post has been edited by killmypc: 27 September 2006 - 09:58 AM

XP Pro/SP3, P4/2.80, DDR2/4G -- Firefox / Thunderbird
AVG8 Free, Sygate Firewall, SpywareBlaster, Comodo BOClean, MBAM, Asquared, RegCleaner, Everest Home.

#11 Dennis H

Distinguished Member

Group: Members
Posts: 745
Joined: 04-May 05

Posted 27 September 2006 - 10:01 AM

OK, just registered it.

Thanks,
Dennis :thumbsup:

EDIT: No, no offense here ! Besides I am such a computer knucklehead that I should be yelled at. :flowers:

This post has been edited by Dennis H: 27 September 2006 - 10:05 AM

#12 killmypc

Forum Regular

Group: Members
Posts: 221
Joined: 20-May 06
Gender:Male
Location:Texas

Posted 27 September 2006 - 10:07 AM

XP Pro/SP3, P4/2.80, DDR2/4G -- Firefox / Thunderbird
AVG8 Free, Sygate Firewall, SpywareBlaster, Comodo BOClean, MBAM, Asquared, RegCleaner, Everest Home.

#13 jgweed

Forum Addict

Group: Global Moderator
Posts: 27,228
Joined: 11-April 04
Gender:Male
Location:Chicago, Il.

Posted 27 September 2006 - 11:02 AM

For those who wish to read it, or to obtain a manual download for the VML exploit patch, the link to the MS Security Bulletin is here:

http://www.microsoft.com/technet/security/...n/ms06-055.mspx

Regards,
John

Whereof one cannot speak, thereof one should be silent.

#14 1972vet

Forum Addict

Group: Malware Response Team
Posts: 1,138
Joined: 16-December 05
Gender:Male
Location:Midwest U.S.A.

Posted 27 September 2006 - 12:32 PM

Following the instructions from the original BC post regarding this issue, I unregistered the .dll and was patiently waiting for the 10th of October. Like the last time Microsoft issued a security warning for the zero-day exploit, they issued the drop dead date, then beat it by about two weeks.

Meantime, I unregistered the .dll and yesterday found that Microsoft had again jumped ahead and issued the patch.

The problem (I think) is that the patch downloaded and installed itself before I could reregister the .dll...I checked the Windows Update history list and it does not indicate a failure, but I can't help wondering if there is something else I need to do.
I DID go back and reregister the .dll but only AFTER the patch was installed. The batch file ran ok and I got the "successful" message.

Does anyone know if that will work OK or should I uninstall the patch, unregister the .dll then reregister it and re-install the patch?

Disabled Veteran, U.S.C.G. 1972 - 1978
Posted Image