Teardrops n Tiny Travel Trailers

[sdtripper2]

There is a NEW Vulnerability in Microsoft software.

Two Serious New Windows Problems

I am sending out this information as a courtesy. Seems that MS
software IE and Outlook can be exploited (IE VIRUSES) just by
scanning a page, either in Internet Explorer (IE) or Outlook (Preview pane).
Please read the following information and make a choice
as to what you want to do if you have a PC using Microsoft software.

This effects Internet Explore users who surf and Outlook users.
Microsoft has gone to once a month uPdates so no auto fix is here
yet. Read and see if you choose to do this easy work around till MS
sends you a patch this next month?


Microsoft Security Advisory (925568)
Vulnerability in Vector Markup Language Could Allow Remote Code Execution

# "Vulnerability in Vector Markup Language Could Allow Remote Code Execution."
This advisory provides a general overview of the problem and, fortunately, also provides a robust interim work-around to disable Windows' and IE's VML parsing. This can and should be used until Microsoft has repaired the buffer overrun in the VGX.DLL VML parser that is being actively exploited on the Internet.


# How to protect your system:
As detailed in Microsoft's VML security advisory (see link above), you can quickly, easily, and safely protect your system from possible VML exploitation by "unregistering" the defective DLL. The system will no longer be able to render web-based vector markup language graphics, but you won't notice any difference since few sites use VML for benign purposes.

Simply copy this command from this page (highlight the entire line then type Ctrl-C to Copy it into the clipboard), then open the "Run..." dialog by pressing your system's Start button and choosing "Run..." Press "Backspace" to remove anything that might already be in the "Open" field, then type "Ctrl-V" to paste the command into the field. Press "OK" to execute the command and you should receive a dialog confirming that the VGX.DLL file has been "unregistered" ...

regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"


Please tell your family and friends and the word. Since this newly discovered Windows VML defect is being actively exploited by thousands of web sites to install malware, and since viewing malicious eMail with many versions of Outlook will also cause this to occur, EVERY Windows user is a potential victim. Please help people to protect themselves.
***


After Microsoft fixes this problem do the following please.
.... below is the information to reset your MS system.



# How to "re-register" the VGX.DLL:
Once Microsoft has repaired this defect, which should happen no later than the second Tuesday in October (Oct. 10th) — and after you have applied those October security updates — you should re-register the repaired VGX.DLL file by repeating the steps above, but using a command without the "-u" argument, as follows:

regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

Note:
At that time, please also remind anyone you may have helped to protect themselves through un-registering the DLL to re-register it AFTER they have updated their system with the current October patches. MS sends out patches on one Tuesday each month.
***


Want more information?
Go here:

[BrwBier]

Really?

[sdtripper2]

YES

Really

See here:
Microsoft Security Advisory (925568)
Vulnerability in Vector Markup Language Could Allow Remote Code Execution

[sdtripper2]

It appears MS is rolling out its fix for the VLM issues.

Today I am being asked if I want to download the MS fix.

[madjack]

...make sure the fix is fixed before applying...what would Leo do???................................

[stjohn]

I'm really computer dumb so my ? is if you are using firefox is this still a promblem.Thanks in advance.

Mike

[sdtripper2]

Mike:

The two issues involve the use of MS Internet explorer to surf and the MS Outlook preview pane option. If you don't use either then you most likely are not needing this easy fix above.

However to be safe you could do the U-register patch and when you uPdate your computer with the fix MS that is coming you can do register patch= the second line, that will put your box back in tune with MS.

Mike ... it is easy to do and so just cut and paste the first U-register patch command into the run box down in the (start>run) and click OK and you are protected.

This subject will be talked about more as the fix rolls out.

[Podunkfla]

Done... Thanx!

[sdtripper2]

Hello, All:


If you did the patch at the beginning of this thread read on:

As I said as soon as MSoft came out with the fix I would let you know.
The following is how to uPdate your PC computer and register the VGX.DLL.

This link is my source:
Here is an uPdate on the MS Vulnerability

Official Microsoft VML Vulnerability
Patch Is Now Available ............. > September 26th 2006
Windows Update is now carrying
Microsoft's official VML patch.

Start
1) You should run Windows Update to obtain the patch, reboot your machine as Windows Update will require, then re-register the VGX.DLL file if you had previously unregistered it, since Windows Update does not automatically re-register the previously vulnerable DLL file. (
See instructions for re-registering the previously vulnerable DLL below = 1A.)

************************************************************
1A)
After Microsoft fixes this problem and you have run MS uPdate ... do the following please.
.... below is the information to reset your MS system.

# How to "re-register" the VGX.DLL:
Once Microsoft has repaired this defect, which should happen no later than the second Tuesday in October (Oct. 10th) — and after you have applied those October security updates — you should re-register the repaired VGX.DLL file by repeating these steps below, but using a command without the "-u" argument, as follows:

Steps to follow:
Simply copy this command from this page (highlight the entire line then type Ctrl-C to Copy it into the clipboard), then open the "Run..." dialog by pressing your system's Start button and choosing "Run..." Press "Backspace" to remove anything that might already be in the "Open" field, then type "Ctrl-V" to paste the command into the field. Press "OK" to execute the command and you should receive a dialog confirming that the VGX.DLL file has been "registered" ...

This is the command string that follows to re-register the VGX.DLL

regsvr32 "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"


*************************************************************

2) Test to see if the VGX.DLL is now safe: = You can then verify that your system is no longer vulnerable by displaying this benign VML vulnerability test page, which will use VML to display two red star filled rectangles:

http://www.isotf.org/zert/testvml.htm

If the DLL is NOT re-registered, you will see a blank space instead of the red-filled rectangles. If the DLL is still vulnerable (the patch didn't "take"), your browser will crash harmlessly.
*************************************************************

Note:
At this time, please also remind anyone you may have helped to protect themselves through un-registering the VGX.DLL to re-register it AFTER they have uPdated their system with the current uPdate patches.

End
***

[Podunkfla]

Steve... Thanks again... Now I'm all patched & up to date and undid the work-around. Cool.

You may be interested in this tool I use. It automaticly checks for patches for Microsoft AND a lot of other software too. If you run a network, it's a real timesaver. It's free for individual users:

NetCheckProtect -- to quote from their site...
"Are you worried about your network's security? Are you buried in patches? With Shavlik HFNetChkPro Plus™ patch management, you can manage patches with ease, save time and money, increase overall network security and ensure regulatory compliance. Shavlik HFNetChkPro Plus™ is automated to make patching painless - scan, remediate and report, all while at the comfort of your own computer."


http://www.shavlik.com/hfnetchkpro.aspx

[Mike B]

Whew! Too much work for me. I'll stick with Linux instead of Windoze.

Actually, I have to use WinXP at work. Our network went down on Monday because of a virus. They finally got it working again on Wednesday afternoon.

Like I said, Linux is the one for me. And Firefox for browsing.

Mike

[sdtripper2]

Like I said, Linux is the one for me. And Firefox for browsing.

Mike & All:

I agree that Linux and Firefox both are software that have shown to be less
susceptible to the viruses.

That said ... there are many persons that do use the MS products and aren't
for many reasons using the software combination you wisely have chosen.

1) My opinion would have everyone that uses MS software to do the following.
If I were using Outlook & or Outlook Express the option of the "Preview Pane"
would not be used.

1a) There are many email programs out that are less susceptible to attack
and that might be an easy solution. That is stop using Outlook or Outlook
express to cut down on aggravations surrounding viruses:

2) Internet Explorer (IE) seems to be more and more under assault by those that would attack the Dark Side software of MS. So in my opinion Firefox browsing is an easy alternative that seems to be less apt to be on the radar screens of those that would attack the Dark Side software. For the person trying to make a decision, Note that you
can have both IE and Firefox running at the same time. That is you can
have the security blanket of IE while opening your eyes to the brave new world of Firefox browsing.

So to sum uP if using the MS Outlook products don't use the "Preview Pane" option. Using another browser to search the web like Firefox by Mozilla can be and easy solution to get your computer out of the target zone of those that would attack the Dark Side products of MS.


For those that don't want to know more or install Firefox STOP HERE PLEASE~

For those that want to know more or install Firefox Please continue on~

To those that haven't ever used Firefox or the other products by Mozilla,
I will point you to the links here and explain some of the benefits.

Some of the Benefits of using Firefox:
A Better Web Experience, Faster Browsing, Automatic Updates, Tabbed Browsing,
Improved Pop-up Blocking, Integrated Search, Stronger Security, Clear Private Data,
Live Bookmarks, Accessibility, Customize Firefox, and Next Generation Web Support


What the new person to Mozilla Firefox should expect:
Faster browsing:

Less chance of virus assaults and less hassle while browsing:

A robust tool box of options that can make the browsing experience more pleasurable:

Easy searching using the two Google tool bars can help you here on the forum:

Tab Browsing has changed the way the web is used for me. Maybe you too
would like this choice if you have lived with one screen IE browsing for
too long. I would equate the one screen view of the web as from a prison cell.
Looking out one small window at a time. Where as the Tab browsing
experience is like looking out many windows from on high in a 360 degree
panoramic view. Yes IE now just put this option in their latest product
however you are still subject to the attacks:

Here is the information to install Firefox:

Optional Web browsing with many options
You can have Internet Explore and Mozilla Firefox browsers operating at
the same time. So you can try Firefox and see if you like it.
Is Mozilla Firefox browser for you?
Consider using Mozilla Firefox as a safer browser with many Extensions.
Here is the link for decision information & installation instructions for Firefox (FF).

There are two tool bars that Google has:
1) The first and a must is the Basic Google Toolbar with spell checking.
This tool bar is very useful for posting here on the forum:
Spell checking posts in your browser can be easy with the basic Google Toolbar.

Here is the link to install the Basic Google Toolbar (after install of Ff)

2) The Advanced Google Toolbar can narrow your search for data on this forum with ease:

May I suggest the
Advanced Google Toolbar from Google to search this forum,
using the format (Word Search ... site:http://www.mikenchell.com/)
***

Adding Themes & Extensions = (options) to Firefox
can help to make your generic Firefox experience more pleasurable.

Themes:
First as my eyes need some contrast to see better I chose the Noia 2.0 Extreme Theme.
By no means is this your only choice but for me this theme sure works.

Here shows the top of the generic Theme for Firefox:





Here shows the Noia 2.0 Extreme Theme:

Theme Choices:
Get Noia 2.0 Theme here
More Themes here

Extensions = (Options or choices):
The Extensions a person can choose are like the stars in the sky.
You choose your level of participation and creative browsing.
Getting Extensions for Firefox here
Getting started with Firefox here

Firefox tutorial:
Tutorial Firefox here

Here are a few Extension choices that I chose after installing Firefox that you might consider.

Fasterfox, Flashgot, IE tab, Adblock, Tab Mix Plus, Forcastfox, Colorful Tabs
Tabbrowser Prefrences, PDF Download, Google Preview, deskCut,
Tab Cataloge, Toolbar Buttons, Crash Recovery, Google Advanced Operations Toolbar,
Politician Search, Who is this Person, Performancing, All Custom Links,
Google Toolbar for Firefox, Separe, Reveal, Yahoo Easy uPload Tool:

There are many more Extensions to choose from and to search is to find
little nuggets of pleasure to make your online experience better.

If you got this far and have installed Extensions on Firefox that you like
very much maybe you could share them with me?

~ Happy Computing ~