This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Microsoft issues security advisory over Video ActiveX Control vulnerability

Share this article:
Microsoft has issued a security advisory over the Video ActiveX Control vulnerability.

Writing on the Security Response Centre blog, Microsoft's Christopher Budd claimed that the company was ‘aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.'

The vulnerability would allow an attacker, who successfully exploited this vulnerability, to gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

The advisory claimed that the investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer.

Budd said: “Therefore, we're recommending that all customers go ahead and implement the workaround outlined in the Security Advisory: setting all killbits associated with this particular control.

“While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we are recommending that they also set these killbits as a defense-in-depth measure. Once that killbit is set, any attempt by malicious websites to exploit the vulnerability would not succeed.”

US-CERT encouraged users and administrators to review Microsoft Security Advisory 972890 and to implement the workaround listed in the advisory. This workaround will help mitigate the risks until a patch or update is released by the vendor.

Atif Mushtaq at the FireEye Malware Intelligence Lab claimed that in the coming days, more malware will be seen that pairs up with this exploit and that things will continue to get worse until Microsoft comes up with a patch. He also claimed that a huge spike of malware has already been seen since the exploit was made public.
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.