3 Replies Latest reply on May 1, 2014 3:08 PM by Hayton

    CVE-2014-1776 : protection for XP users

    Hayton

      Microsoft's advisory about CVE-2014-1776 gave several options to prevent exploitation.

       

      For XP users, this one is probably the easiest and best way to do it.

       

      You need to be in an Administrator account to do this.

      From Start, select Run. In the box, type CMD - this opens a DOS command window.

      In that window type the following, exactly as shown (I already tried it, and it says it worked).

       

      "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

       

      Hit Enter, and wait a few seconds.

       

      If it's worked, you'll get a message box confirming that the dll has been unregistered.

       

      Message was edited by: Hayton on 30/04/14 04:10:17 IST
        • 1. Re: CVE-2014-1776 : protection for XP users
          Hayton

          May 1st :

           

          Microsoft are issuing an emergency update to address this vulnerability.

           

          ALL versions of windows will receive this fix - including XP. Whether that means all XP installations will be patched, or only those where Microsoft have reached an agreement with large organisations for extended support for XP, remains to be seen.

           

          As an experiment I already tried checking Microsoft Update from my XP box (still running, just) and to my surprise found one optional update there (but not the May 1st one).  The optional update for XP was KB931125 (Update for Root Certificates for Windows XP) and was dated 29 April - after the end-of-support date.

           

           

          https://technet.microsoft.com/library/security/ms14-may.aspx

           

          Microsoft fix for 1776.PNG

           

          Message was edited by: Hayton on 01/05/14 17:56:02 IST
          • 2. Re: CVE-2014-1776 : protection for XP users
            moldyjacket

            Hayton, I really appreciate keeping XP users informed. 

             

            I picked up the optional Root Cert earlier, but now:

             

            Security Update for Internet Explorer 8 for Windows XP (KB2964358)

            Date last published: 5/1/2014

            Download size: 3.2 MB

             

             

            Get it while it’s hot!

            • 3. Re: CVE-2014-1776 : protection for XP users
              Hayton

              The update is now issued

               

              https://technet.microsoft.com/library/security/ms14-021

               

              If you have unregistered vgx.dll and want to have it enabled in case it's needed (and it probably won't be needed, since VML is officially deprecated by Microsoft and isn't much used now on web pages) then this is how to re-register the dll :

               

              You need to be in an Administrator account.

              From Start, select Run. In the box, type CMD - this opens a DOS command window.

              In that window type the following, exactly as shown.

               

              "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"


              A dialog box should appear after the command is run to confirm that the re-registration process has succeeded.

               

              Close and reopen Internet Explorer for the changes to take effect.

               

              For 64-bit systems the commands are different. See the Microsoft documents for details.

               

               

              Message was edited by: Hayton on 01/05/14 21:03:16 IST

               

              Message was edited by: Hayton on 01/05/14 21:08:51 IST