Windows 10: Undo Workaround After Follina Patch

Hello everyone,Would anyone be able to confirm if the registry key for the MSDT URL protocol needs to be restored after installing the security updates for June? I have not been able to find much support for this.Thank you,Techie

:)

 

Internet Explorer "Zero Day" Emergency 3rd Party Patch, &/or workarounds inside...

Microsoft Security Advisory (925568)

http://www.microsoft.com/technet/security/advisory/925568.mspx

4 possible & working ways to stop this newly discovered vulnerability in VGX.DLL, some more "radical" than others, but they DO each work:

==========================================

A.) Use this 3rd party patch, noted by EWeek (until VGX.DLL gets its "official MS Patch" on 'patch Tuesday' update on Tuesday, October 10, 2006):

http://www.eweek.com/article2/0,1895,2019162,00.asp

Download location:

http://isotf.org/zert/download.htm

Microsoft has tested the following workarounds below B-D. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

------------------------------------------------------

Microsoft's "Suggested Actions &/or Workarounds":

B.) Alter the Access Control List for removing the "EVERYONE" user group using this commandline (until VGX.DLL gets its "official MS Patch" on 'patch Tuesday' update on Tuesday, October 10, 2006):

Note The following steps require Administrative privileges. It is recommended that the system be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround however; the recommendation is to restart the system.

Modify the Access Control List on Vgx.dll to be more restrictive

To modify the Access Control List (ACL) Vgx.dll to be more restrictive, follow these steps:

1. Click Start, click Run, type "cmd" (without the quotation marks), and then click OK.

2. Type the following command at a command prompt. Make a note of the current ACL’s that are on the file (including inheritance settings) for future reference in case you have to undo this modification:

cacls "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"

3. Type the following command at a command prompt to deny the ‘everyone’ group access to this file:

echo y| cacls "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll" /d everyone

4. Close Internet Explorer, and reopen it for the changes to take effect.

Impact of Workaround: Applications and Web sites that render VML may no longer display or function correctly.

Configure Internet Explorer 6 for Microsoft Windows XP Service Pack 2 to disable Binary and Script Behaviors in the Internet and Local Intranet security zone.

------------------------------------------------------

C.) IE PROTECTION USING SECURITY ZONES ON ACTIVEX CONTROLS (until VGX.DLL gets its "official MS Patch" on 'patch Tuesday' update on Tuesday, October 10, 2006):

You can help protect against this vulnerability by changing your settings to disable binary and script behaviors in the Internet and Local intranet security zone. To do this, follow these steps:

1. In Internet Explorer, click Internet Options on the Tools menu.

2. Click the Security tab.

3. Click Internet, and then click Custom Level.

4. Under Settings, in the ActiveX controls and plug-ins section, under Binary and Script Behaviors, click Disable, and then click OK.

5. Click Local intranet, and then click Custom Level.

6. Under Settings, in the ActiveX controls and plug-ins section, under Binary and Script Behaviors, click Disable, and then click OK.

7. Click OK two times to return to Internet Explorer.

Impact of Workaround: Disabling binary and script behaviors in the Internet and Local intranet security zones may cause some Web sites that rely on VML to not function correctly.

------------------------------------------------------

D.) UNREGISTER THE VGX.DLL (until VGX.DLL gets its "official MS Patch" on 'patch Tuesday' update on Tuesday, October 10, 2006):

To un-register Vgx.dll, follow these steps:
1. Click Start, click Run, type "regsvr32 -u "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll"" (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: Applications that render VML will no longer do so once Vgx.dll has been unregistered.

To undo this change, re-register Vgx.dll by following the above steps. Replace the text in Step 1 with "regsvr32 "%ProgramFiles%\Common Files\Microsoft Shared\VGX\vgx.dll”" (without the quotation marks).

==========================================

*Smile

* Any of those 4 will work - they go from "least radical, to worst radical"...

APK

P.S.=> This bug also affects Outlook 2003 (full outlook, not outlook express), so keep in mind that setting it to read messages in TEXT form, or RTF form, is better than allowing it to render them in HTML...

I have stated this security fix before here, hope folks took note of it because it works to protect you against IE weaknesses in HTML rendering in email too!

Here is that part:

Read e-mail messages in plain text format to help protect yourself from the HTML e-mail attack vector

Microsoft Outlook 2002 users who have applied Office XP Service Pack 1 or a later version and Microsoft Outlook Express 6 users who have applied Internet Explorer 6 Service Pack 1 or a later version can enable this setting and view e-mail messages that are not digitally signed or e-mail messages that are not encrypted in plain text only. Digitally signed e-mail messages or encrypted e-mail messages are not affected by the setting and may be read in their original formats. For more information about how to enable this setting in Outlook 2002, see Microsoft Knowledge Base Article 307594.

Impact of Workaround: E-mail messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. Additionally:

1. The changes are applied to the preview pane and to open messages.

2. Pictures become attachments so that they are not lost.

3. Because the message is still in Rich Text or HTML format in the store, the object model (custom code solutions) may behave unexpectedly.

apk

 

eDellRoot Certificate Problem: Patch Available To Fix It Now ?


Hi,

The Patch you suggested worked well, and fast.
Sure a lot easier than following 17 steps !

Any idea when the new Patch for the new problem will be available ?

Will it be posted here ? Where ?

Thanks again for all the help,
Bob

 

Clean Install Workaround for Vista

You may remember this news story on techPowerUp! a couple of days ago relating to the lack of clean installs when using the Upgrade Editions of Vista, which required an old OS to be installed. However, Paul Thurrott has managed to find a workaround for this issue, which ironically lets users do a clean install Vista without any previous version of Windows, albeit a little tedious. Here are the steps:

• Boot from the Windows Vista Upgrade DVD as normal
• When prompted for a product code, leave this blank
• Select the version of Vista you have purchased and let Vista install
• When you boot to your desktop for the first time, run the Vista setup from Windows
• This time enter your product key
• When asked whether you want to do an Upgrade of Custom install, select custom and choose a clean install
• Windows will now install for a second time and you should be able to activate it

Remember, these steps are only advised for use in order to achieve a clean install of Vista, it is only legal to use the upgrade editions if you have previously purchased the appropriate version of Windows.

Source: DailyTech