Patch released for high profile VML vulnerability
A patch for the high profile VML Vulnerability has been released by Micrososoft. It resolves not only the public vulnerability but also additional issues discovered through internal investigations. It is available via Windows Update, Microsoft Update, Autoupdate and WSUS.
It only applies to IE5 and IE6 machines. IE7 is immune to this (and most other) vulnerabilities.
Security Bulletin here:
Microsoft Security Response blog:
If the workaround “Modify the Access Control List on Vgx.dll to be more restrictive” has been applied to systems, the security updates provided may not install correctly. See the Workarounds for VML Buffer Overrun Vulnerability – CVE-2006-4868 section in this security bulletin for instructions on how to revert this workaround before applying this security update.
You may also wish to review Jesper's comments about reversing mitigations that may have been applied to your system: