Using Group Policy to block the zero-day exploit

Jesper’s blog has a workaround:

If you have a Windows Domain you can use Group Policy to block this attack much more easily than having to touch every system manually. With the help of my good friend Alun Jones I was able to produce two security templates that disable and enable, respectively, the dll that renders VML. Here is the one that disables it:

Link here via Sandi.