As background, on October 10, Microsoft released Security Bulletin MS06-055 as a critical update. The purpose of the update was to fix a security issue identified in the way Vector Markup Language (VML) is handled that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. The problem is that there are still a fairly large number of Windows operating systems in use that have reached the end of "Life Cycle" where Microsoft will provide updates. (The information for all Microsoft software, games, tools, hardware is available in Product Life Cycle, which Microsoft reviews and updates regularly.)
ZERT (Zeroday Emergency Response Team) created a patch for Windows 9X, ME, 2000 (to SP3) and XP systems that have not updated to SP1, 1a or SP2 for the VML exploit. Hat Tip to "Lost" at Freedomlist for the link to c|net News in "Security pros patch older Windows versions", By Joris Evers which reports:
"The vulnerability, first reported last week, lies in a Windows component called "vgx.dll." This component supports Vector Markup Language (VML) graphics in the operating system. Malicious software can be loaded, unbeknownst to the user, onto a vulnerable PC when the user clicks on a malicious link on a Web site or an e-mail message."Of course the standard warnings of keeping antivirus software updated and and using caution when browsing the Internet applies, as does not clicking on a link in an e-mail from an untrusted source. If you still do not feel your computer is secure, check to see if the version of your operating system has been tested, see ZERT's Libraries Tested.
Here are the instructions for those downloading the file for the older computers, by Plodr:
- Grab the download from here:
- Unzip it and you'll get a ZPatch folder. Make sure you close IE and OE before you try to apply the patch.
- Click on the ZVGPatcher.exe which brings up a window
- Click on patch and close the window
- Open IE and go to
As Plodr also noted:
"If IE crashes, then you are not patched. Believe me I've had my share of crashes in the last several days until I got both 98SEs and ME patched. "