This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Microsoft issues security advisory over Video ActiveX Control vulnerability

Share this article:
Microsoft has issued a security advisory over the Video ActiveX Control vulnerability.

Writing on the Security Response Centre blog, Microsoft's Christopher Budd claimed that the company was ‘aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.'

The vulnerability would allow an attacker, who successfully exploited this vulnerability, to gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

The advisory claimed that the investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer.

Budd said: “Therefore, we're recommending that all customers go ahead and implement the workaround outlined in the Security Advisory: setting all killbits associated with this particular control.

“While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we are recommending that they also set these killbits as a defense-in-depth measure. Once that killbit is set, any attempt by malicious websites to exploit the vulnerability would not succeed.”

US-CERT encouraged users and administrators to review Microsoft Security Advisory 972890 and to implement the workaround listed in the advisory. This workaround will help mitigate the risks until a patch or update is released by the vendor.

Atif Mushtaq at the FireEye Malware Intelligence Lab claimed that in the coming days, more malware will be seen that pairs up with this exploit and that things will continue to get worse until Microsoft comes up with a patch. He also claimed that a huge spike of malware has already been seen since the exploit was made public.
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...