As if Heartbleed Wasn’t Enough, Here is Another Emergency:
Please forward this to your IT Techs immediately. As with Heartbleed, this is a vulnerability that attackers are already using against you and nobody knew until right now. These are called “zero-day attacks.”
This blog is aimed at non-technical executives and owners, and this “technical” release is so that you can forward this to your IT Pros. Forward it to every one you care about “not getting hacked” because you and they may already be.
The good news is – you can “turn off the vulnerability” like a light switch.
Credit for this alert goes to our resident Citrix and VMware “Virtualization Guru.” He explains:
A security flaw has been found in all versions of Internet Explorer and this flaw has already been exploited by cyber criminals. At this time, no patch has been provided by Microsoft.
This excerpt from the Microsoft article explaining the exploit provides the pertinent facts:
“…The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website…”
Customers should protect their own Windows computers from this flaw by following these steps:
- Open a Command Prompt window (hold the Windows key on your keyboard and type “r”, then type CMD in the “Open:” box
- In the Command Prompt window that opens up, type the following (it’s probably easiest to copy and paste from this blog): regsvr32 -u “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”
As mentioned before, Microsoft has not made public a patch to fix the bug. When a patch is made available, install the patch and then reverse the above command, running cmd admin, by re-registering the vgx.dll file: regsvr32 “%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll”
Please post your comments below….