Search
Member List
Calendar
Help
PC Security Forum
/
Computer Security
/
General Security Discussions 
/
Microsoft Warns of Serious Security Hole
/
Microsoft Warns of Serious Security Hole
|
Microsoft Warns of Serious Security Hole
|
|
08-07-2009, 02:51 AM
Post: #1
|
|||
|
|||
|
Microsoft Warns of Serious Security Hole
Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked. "We are aware of attacks attempting to exploit the vulnerability." "Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure. Customers may prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually using the instructions in the Workaround section or automatically using the solution found in Microsoft Knowledge Base Article 972890. By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution." http://www.microsoft.com/technet/se...ory/972890.mspx To implement the workaround that disables the Microsoft Video ActiveX Control automatically on a computer that is running Windows XP or Windows Server 2003, click the Fix this problem link under Enable workaround. To undo the workaround, click the Fix this problem link under Disable workaround. Then click Run in the File Download dialog box, and follow the steps in this wizard. http://support.microsoft.com/kb/972890#FixItForMe |
|||
|
|
« Next Oldest | Next Newest »
|
| Messages In This Thread |
|
Microsoft Warns of Serious Security Hole - Moksh - 08-07-2009 02:51 AM
RE: Microsoft Warns of Serious Security Hole - alton - 01-06-2010, 07:11 PM
RE: Microsoft Warns of Serious Security Hole - Aakash - 01-07-2010, 12:43 AM
RE: Microsoft Warns of Serious Security Hole - jefcully - 08-14-2010, 11:38 PM
RE: Microsoft Warns of Serious Security Hole - jhonas - 02-01-2011, 04:32 PM
RE: Microsoft Warns of Serious Security Hole - gamajeorge - 09-28-2011, 05:06 AM
RE: Microsoft Warns of Serious Security Hole - adlersmith - 09-30-2016, 04:33 PM
|
User(s) browsing this thread: 1 Guest(s)