PC Security Forum

Full Version: Microsoft Warns of Serious Security Hole
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

"We are aware of attacks attempting to exploit the vulnerability."

"Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure.

Customers may prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually using the instructions in the Workaround section or automatically using the solution found in Microsoft Knowledge Base Article 972890. By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution."


To implement the workaround that disables the Microsoft Video ActiveX Control automatically on a computer that is running Windows XP or Windows Server 2003, click the Fix this problem link under Enable workaround. To undo the workaround, click the Fix this problem link under Disable workaround. Then click Run in the File Download dialog box, and follow the steps in this wizard.

Great to know that IE's market share is dying thanks to Firefox and Safari mostly, and in part to Chrome. IE is a non-standards compliant browser with tons of security holes and it's a pain in the ass for developers. It needs to die a horrible, slow, and painful death.

It's market share is down to 55% now!
Yeah, Those who do not evolve perish. The same is going with IE, the newer version keep becoming worse and then it falls short of others in features set as well.
What is worrying is that the exploit (like most others) is available
for hackers to exploit the best part of the decade.
Which begs the question, how effective is clogging securitywise? Assuming
that (say) 50% of all exploits NT/2000/XP have now been found and corrected,
leaving 50% still available for hackers to exploit. If pirates
found some of the other 50% and the security guys did not ... then you have a
problem. No matter how well-patched you.
Great news !!!!!!!!@@!!!!!!
Making people aware that ActiveX controls can be harmful. There is any security alert they see is genuine. It has doubts about the source of a link or alarm.
There are a number of methods to secure your pc for these you have to set up the antivirus and also you have to upgrade frequent and it can provide so many things which is great to know about it.
Reference URL's