Patching: Mitigating against MSIE VML Exploit

SANS ISC has raised the InfoCon level to yellow today, after news that the Microsoft Internet Explorer VML exploit is becoming more widespread. SANS, Microsoft, and others are recommending to unregister the VGX.DLL to mitigate against the risk until a patch is available. Obviously, unregistering this DLL will disable the rendering of VML by your web browser, and other applications. So use this as appropriate for your environment.

The command looks like this: "regsvr32 /u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

I rolled this into a GPO applied computer startup script that I'm using internally.


Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

strUnregCommand = "regsvr32 -u -s ""%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
strComputer = objshell.ExpandEnvironmentStrings("%COMPUTERNAME%")

Set objExec = objShell.Exec(strUnregCommand)
strExecResults = LCase(objExec.StdOut.ReadAll)