Blocking the VML Internet Explorer exploit

Folks, add this to your Postfix servers ASAP.  Microsoft’s unpatched VML vulnerability will probably be exploited via email within the next couple of days:

/etc/postfix/main.cf:
  body_checks =
   pcre:/etc/postfix/body_checks.regexp

/etc/postfix/body_checks.regexp:
  /<v:rect/       REPLACE <safety: MS VML tag removed>
  /<v:fill/       REPLACE <safety: MS VML tag removed>

References:
http://internetweek.cmp.com/193004562?cid=rssfeed_pl_inw
http://www.microsoft.com/technet/security/advisory/925568.mspx
http://secunia.com/advisories/21989/

The exploit:
http://www.securityfocus.com/archive/1/446505

Leave a Reply

Your email address will not be published.