Microsoft warns of Internet Explorer Vulnerability !

Jul 7, 2009

“Prevent Microsoft Video ActiveX Control from running in Internet Explorer , Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution.”
The advisory also states:
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker’s Web site.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
However,
“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention,” said Microsoft security representatives.

This is the security advisory which microsoft has released especially for Windows XP and Server 2003 users.

This advisory discusses the following software.

Affected Software
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems Non-Affected Software Microsoft Windows 2000 Service Pack 4 Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2 Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2 Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

You may follow Microsoft website from here or You may directly Fix the problem from here(Note: this disable the ActiveX video features in IE). The workaround given on microsoft’s website currently disable all the Video ActiveX features.However if you are an advanced user you may like to know more about this issue and can manually disable this vulnerability from the registry check out Microsoft’s Manual .

The fix will apply to all the following:

• Microsoft Windows Server 2003 Service Pack 2, when used with:
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
• Microsoft Windows XP Service Pack 2, when used with:
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
• Microsoft Windows XP Service Pack 3, when used with:
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional

If you are still facing problems you may contact the support here.

[ratings]