Disable Your VML Rendering NOW

  • Comments: 5
  • Written on: September 23rd, 2006

On September 12, 2006 a new security vulnerability was discovered in Internet Explorer that was confirmed by Microsoft Security Advisory (925568). This vulnerability has been used by websites to take control of a user’s computer. Microsoft has stated that they will not release a patch for the VML rendering security vulnerability until October 10, 2006. This security problem affects all Windows users from Windows 98 to Windows XP, even if you use a browser other than Internet Explorer.

The only way to protect your system at the present time is to completely disable VML rendering in your Internet Explorer browser.

We have created a small utility that easily turns your VML rendering on or off. If you use this utility to turn off VML rendering, the utility will automatically re-enable it on October 11, 2006 – the day after Microsoft’s expected patch release. This is accomplished by adding a start-up item that checks the current date each time your computer is booted. After October 11, 2006 the start-up item is automatically removed.

If you use the Schrock utility to disable your VML rendering you may notice that some pages (like Google Maps) will not display their graphics properly. As a work around for this, our utility will also prompt you to install the free Mozilla Firefox web browser unless you have done so already. Firefox works almost the same as Internet Explorer, but it is not affected by this security problem. We recommend users temporarily switch to FireFox until Microsoft releases an official patch for this problem.

You can download the utility at: Disable VML Rendering Utility

*Note* This utility requires Windows 2000 or Windows XP and the .Net Framework 2.0 (available from Windows Update)

  1. Photo Guy said on September 23rd, 2006 at 10:04 am

    What’s the deal with Microsoft? Seems like this month is full of bad publicity for them. Should they start concidering sending patches more than once a month?

  2. thorschrock said on September 23rd, 2006 at 10:48 am

    This has been a bad month for them, and I think they definitely need to rethink their monthly strategy. The Internet is moving to a real-time medium and hopefully Microsoft’s incoming CEO will recognise that.

  3. Joyce Bjorklund said on September 25th, 2006 at 3:36 pm

    Thanks for the info!

  4. Martin C. said on September 26th, 2006 at 6:46 pm

    Sorry, but these two excerpts befuddled me a bit:
    "This security problem affects all Windows users from Windows 98 to Windows XP, even if you use a browser other than Internet Explorer."
    "Firefox works almost the same as Internet Explorer, but it is not affected by this security problem."
    So, aimed directly at Firefox, can it become "infected?"

  5. Thor Schrock said on September 26th, 2006 at 8:40 pm

    Internet Explorer is a core component of Windows, and therefore all versions of Windows from 98 to present (with the exception of Windows Server 2003) could be attacked through this exploit.

    Presently, the only code on the web that makes use of this exploit is targeted toward the Internet Explorer browser itself. It is conceivable that this exploit could be used in other ways, so by disabling your VML rendering you are closing the door on this one completely until MS releases a patch.

    For most basic users, FireFox can be used interchangeably with Internet Explorer to view websites, check web-based email, do online banking and the like. We are simply stating that when you disable IE’s VML Rendering, you may want to use FireFox if you have trouble with the graphics on a particular website.

What do you think? Join the discussion...

How do I change my avatar?

Go to gravatar.com and upload your preferred avatar.

Subscribe to My RSS Feed

Subscribe Form Click to Subscribe or

      TwitterCounter for @thorschrock

Ed Wunder Loves Schrock's Service

Popular Posts

Top Commentators

Schrock Innovations' New Ride

Revolution Wraps Rocks!

Geek Squad Hires Anyone!

Other Recent Videos

We're on the Morning Blend answering your Lincoln Nebraska computer repair questions regarding warranties

Need your computer repaired in Omaha? If you're never visited Schrock Innovations before (1st time client), stop by for a FREE hour of repair

Our Open Adoption

    Kim and I are seeking to adopt another child through Open Adoption. If you know of a birth mother seeking a stable, loving family in Nebraska, please direct her to our website at nebraskaopenadoption.com.

Thor's Sponsors

© Thor Schrock 2009