A new set of exploit code we have examined shows that Javascript is no longer a valid mitigation for the exploit. In other words, turning off Javascript won’t necessarily stop this thing from infecting your system.
Unregistering vgx.dll is the primary mitigation route on this exploit.
Other workarounds at the Microsoft advisory. Enterprise mitigation tip here.
Alex Eckelberry