FEATURE NEWS Free eNews Subscription

Microsoft Updates IE Zero Day Vulnerability Workarounds

By

Microsoft has not issued an “all clear” for us to go back to surfing the web using the various versions of its Internet Explorer (IE) browser which recently was exposed as being vulnerable to nasty zero-day cyber attacks.  However, Microsoft is making progress on helping IT departments mitigate the risks of being compromised. They have updated the workaround section of their original advisory on the problem.

As has been noted since the vulnerability was discovered, while in theory all versions of IE could be targets for being compromised, thus far the bad guys have focused their attention on the most popularly used versions of IE, versions 9, 10 and 11, and have done so leveraging the nearly ubiquitous Adobe Flash as their vector.  Indeed, as security professionals constantly observe, like bank robbing it is the place where the money is that have the weakest defenses that draw the most attention.

Scroll down to the workarounds for latest clarifications

Here is what you need to know in terms of the update to the advisory. (Details can be obtained by scrolling down to the workarounds section).

  1. On x64-based Systems, Enable Enhanced Protected Mode for Internet Explorer 10; or Enable Enhanced Protected Mode and Enable 64-bit Processes for Enhanced Protected Mode for Internet Explorer 11 . The original advisory had identified the work version of IE for which this was the solution. 
  2. The April 26 version of the advisory said to change the Access Control List (ACL) for program file, VGX.DLL, which goes by the description "Vector Graphics Rendering (VML)." The update advises that while this works, it is simpler to unregister the DLL using the command lines in the advisory, and they also give details on reversing the ACL method.

So the good news is that help is on the way. The not so good news is that instances of attacks in the wild have been occurring, and until there is a final solution, caution should be observed and IE only used if absolutely necessary.

For real personal and professional security reasons, it obviously would be imprudent to disclose any instances where you must use IE. Reality is that instances where policies and rules dictate its use are extremely common which is why they are best kept quiet. 

As the saying goes, “April showers bring May flowers,” and hopefully this rain on the Microsoft soil will yield a robust solution soon.




Edited by Maurice Nagle
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
Author Info
Peter Bernstein

Senior Editor

Click here to read full bio

SHARE THIS ARTICLE
Share
Related Articles

Tech Podcast Award Winners Bring Excitement and Enthusiasm to a Range of Important Tech Topics

By: TMCnet Staff    6/18/2025

Tech Podcast Award winners produce engaging, informative, and often entertaining content, bringing valuable insight from industry front lines to the e…

Read More

How Mobile Technology is Driving the Shift to Casino Apps

By: Contributing Writer    6/12/2025

Recent years have seen casino apps completely changing the online casino experience. Thanks to mobile-first technology, apps are becoming the default.…

Read More

Decentralized IT Management: Fad or Future?

By: Contributing Writer    6/5/2025

Managing IT feels like an ongoing balancing act for many businesses. Centralized systems often create bottlenecks, slow down teams, and frustrate empl…

Read More

IT Management as a Driver of ESG Initiatives

By: Contributing Writer    6/5/2025

Businesses today face growing pressure to meet environmental, social, and governance (ESG) standards. Customers demand greener practices. Investors lo…

Read More

Everything You Need to Know About Mobile Casinos

By: Contributing Writer    5/30/2025

We live in the age of technology and we have come to solve things on the go, whether we are talking about personal or job-related issues. We have come…

Read More
View All News