| By Mark Edwards |
Microsoft patched four vulnerabilities this month, but you’re still not entirely safe.
There’s a dangerous unpatched vulnerability, and the bad guys are actively exploiting it.
Watch out for .vbp file extensions
Until Microsoft releases a fix for the severe vulnerability involving Visual Basic, guard your systems against files that have a .vbp (Visual Basic Project) extension.
The simplest way is to filter your e-mail at the mail server so that no .vbp attachments make it to your desktops. Or, if you can’t control your particular mail server, then configure your mail client to either remove file attachments (if your client supports attachment removal) or create filter rules that move the e-mail itself to a folder where it can then be deleted or inspected.
To protect yourselves against Web sites that might link to dangerous .vbp files, you can either configure your Web filtering software to prevent access to links that lead to .vbp files, or you can keep a sharp eye on your surfing to make sure that you don’t inadvertently download and open any .vbp files.
Of course, taking the above steps will keep you from running any legitimate VB projects. But you can undo the blockade when I let you know that Microsoft has released a patch correcting the problem.