[There's a reason that Yoda is the unofficial mascot of SBS. Size indeed matters not.] IE zero day patch is out - THE OFFICIAL BLOG OF THE SBS DIVA
Tue, Sep 26 2006 12:02 bradley

IE zero day patch is out

Microsoft Security Bulletin MS06-055 - Vulnerability in Vector Markup
Language Could Allow Remote Code Execution (925486)
http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

The zero day IE patch is now released but it's very important that you undo whatever mitigations you performed in order to protect yourself for this.

In my case it's a piece of cake to undo what I did, but if you unregistered the dll, reregister it, if you acl'd the file, de-acl it.

Review Dr. J's blog as well for follow up issues with the mitigations you took:

Jesper's Blog : Negative Impacts of VML Vulnerability Workaround:
http://msinfluentials.com/blogs/jesper/archive/2006/09/26/Negative-Impacts-of-VML-Vulnerability-Workaround.aspx

Filed under:

# re: IE zero day patch is out

Wednesday, September 27, 2006 2:59 PM by Tim Long

Couple of caveats...

When I tried to apply the patch on my SBS server, the installation failed. I had previously applied the group policy that added Deny Everyone to the VGX.dll file accross my domain. Even though I had reversed the policy (i.e. applied the new policy to set the file to inherit all permissions) and updated group policy and verified that it had taken effect - the update still failed. I renamed the dll (SFC immediately put back a fresh copy) then the update succeeded.

If you've gone the ISA route and added VML filters to all your HTTP rules, note that this will prevent Outlook RPC-over-HTTP from working and it will also affect the layout of the default Companyweb home page. This is probably moot now that the patch is out and it is safe to remove the VML filtering. All the problems go away when the filters are removed.

# re: IE zero day patch is out

Wednesday, September 27, 2006 7:08 PM by Jim Harrison

Watch out for Word-edited web pages you might be publishing, too. It adds a nice set of propertiy statements in the HTML tag that the filter is designed to block. ISATools.org was not happy until I changed this. Basically, it just goes to show that you need to test your applications after adding any blocking mechanism.