Administrators are advised to apply the appropriate updates.
Administrators are advised to browse the Internet with unprivileged accounts.
Administrators may consider configuring a more restrictive ACL on vgx.dll.
On vulnerable Windows XP or Windows Server 2003 systems, administrators may consider disabling vgx.dll by un-registering it; however, this may prevent websites that render VML from functioning correctly. Administrators can unregister vgx.dll by issuing the following command:
%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll
Users are advised not to view VML documents from untrusted
Users are advised to view email in plain text to avoid possible exploits when previewing or viewing an email containing VML content.
Users are advised not to follow unsolicited links. Users should verify the authenticity of an unexpected link from a trusted source prior to following it.
Administrators with ISA servers in use may consider blocking VML content to mitigate this vulnerability. Microsoft has released an article at the following link that details using the ISA Server 2006 to perform this function: Learn How Your ISA Server Helps Block VML Vulnerability Traffic