• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Big Hole in IE!!!! (Patch is Here, May1!!!)

Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
The fix is pretty easy:
Code: 
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

Unregisters the never-used VML renderer, which stops this particular exploit.

Matter of fact, you can paste that into a text file on a flash drive and name it whatever.bat, and then you can fix all your machines with just a double click.
 
crashtech said:
The fix is pretty easy:
Code: 
regsvr32 -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
Unregisters the never-used VML renderer, which stops this particular exploit.

Matter of fact, you can paste that into a text file on a flash drive and name it whatever.bat, and then you can fix all your machines with just a double click.
Click to expand...

If it's that easy, how come MS has yet to issue a patch?
 
TBH it's been a while since IE has had a major exploit. They're doing pretty good. But question is, why are people still using that archaic browser?
 
Red Squirrel said:
TBH it's been a while since IE has had a major exploit. They're doing pretty good. But question is, why are people still using that archaic browser?
Click to expand...

As I shared, Pale Moon is currently my default browser, FX was before that, but I choose to retain IE as well, and bet more people do than not.

And, I would not call IE, esp 11, archaic. Less Than, compared to say, PM, U bet, archaic, NO. Newer, most often, esp in apps, does not mean better.
 
Last edited:
crashtech said:
Because it's to easy and expedient, and it disables one of their precious but useless inventions.
Click to expand...

Erm, their "precious invention" predated SVG. Back when VML first came out, that was what you had to use if you wanted vector graphics. Hell, SVG hadn't even become a W3C rec when XP went RTM. Yes, in the time since, SVG was finalized and it took off, and Microsoft even deprecated VML in favor of SVG. That doesn't change the fact that over the course of VML's life, there have been uses for VML (even by Google!), and although most have now migrated to SVG, killing VML outright will break things and elicit cries of, "Stupid Windows updates, breaking compatibility all the time!" from some people.
 
Red Squirrel said:
TBH it's been a while since IE has had a major exploit. They're doing pretty good. But question is, why are people still using that archaic browser?
Click to expand...

It has been the standard browser at every company I've worked at, and that's because of app compatibility. SharePoint, for example, works best with IE.
 
code65536 said:
Erm, their "precious invention" predated SVG. Back when VML first came out, that was what you had to use if you wanted vector graphics. Hell, SVG hadn't even become a W3C rec when XP went RTM. Yes, in the time since, SVG was finalized and it took off, and Microsoft even deprecated VML in favor of SVG. That doesn't change the fact that over the course of VML's life, there have been uses for VML (even by Google!), and although most have now migrated to SVG, killing VML outright will break things and elicit cries of, "Stupid Windows updates, breaking compatibility all the time!" from some people.
Click to expand...


I may not understand the specifics above, but I am positive all those data are accurate, and so, IMPORTANT.

This is not the time to be cavalier and dismissive/take UNJUSTIFIED SHOTS at MS.
 
If the above command breaks any functionality, re-run it without the -u with elevated (admin) privileges and everything will be back the way it was. It's easy and free, no hand-wringing required.
 
crashtech said:
If the above command breaks any functionality, re-run it without the -u with elevated (admin) privileges and everything will be back the way it was. It's easy and free, no hand-wringing required.
Click to expand...


I choose to demur re this suggestion. I choose to wait for the official patch.
 
Last edited:
crashtech said:
If the above command breaks any functionality, re-run it without the -u with elevated (admin) privileges and everything will be back the way it was. It's easy and free, no hand-wringing required.
Click to expand...

Yes.

And yes, most people would not miss VML (I know I wouldn't). But the point is that Microsoft can't push out a quick update to every user that just disables VML, because there will be people who do rely on it, so it's pretty flippant and inaccurate to blame it on Microsoft's ego (esp. when they themselves had already deprecated VML for SVG!).
 
I'm just sorry if my flippant attitude has caused anyone to reject and distrust a transparently harmless and easy mitigation method. I will now withdraw my participation.
 
crashtech said:
I'm just sorry if my flippant attitude has caused anyone to reject and distrust a transparently harmless and easy mitigation method. I will now withdraw my participation.
Click to expand...

Please, we are adults; this is not some infant sporting event to determine the respective worthiness of the participants based on some apparently intense need for others to obey suggestions. As opposed to chasing data as a COLLECTIVE and making our own.

NOTHING HERE FOR ANY ADULT TO TAKE PERSONALLY. You are showing a real lack of respect for your fellow members here, because of some thin skin issue. Don matter wut color the skin it, including blue.

Please ponder.
 
Last edited:
crashtech said:
I'm just sorry if my flippant attitude has caused anyone to reject and distrust a transparently harmless and easy mitigation method. I will now withdraw my participation.
Click to expand...

I never said that the workaround was bad. The post that I quoted wasn't even the post about unregistering that COM object. I was explaining why Microsoft can't go around axing every legacy feature in the OS. As I said, most people wouldn't miss VML, the implication being that, for most people, disabling VML is just fine.

Microsoft themselves suggested that workaround in their own security advisory. They long ago deprecated VML. So, yes, to blame them for not doing anything rash because it's "to [sic] easy" and because they somehow want to protect a "precious" feature is being flippant.


(n.b.: On 64-bit Windows, the command posted in this thread only unregisters the 64-bit version of the COM object, which isn't the one used by 32-bit IE, and 32-bit IE is the default browser. The commands to unregister both the 32- and 64-bit copies can be found in the security advisory linked above, which also lists a number of other workarounds.)
 
Last edited:
code65536 said:
(n.b.: On 64-bit Windows, the command posted in this thread only unregisters the 64-bit version of the COM object, which isn't the one used by 32-bit IE, and 32-bit IE is the default browser. The commands to unregister both the 32- and 64-bit copies can be found in the security advisory linked above, which also lists a number of other workarounds.)
Click to expand...
Good info, thank you.
 
Victorian Gray said:
I appreciated your posting the info. Thank you.
Click to expand...

You are welcome. If you are interested in applying this fix to a 64-bit version of Windows, add the following command in order to unregister both versions of the dll:
Code: 
regsvr32 -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"

And again thanks to code65536 for pointing out the incomplete nature of the fix for 64-bit systems.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top