This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Microsoft issues security advisory over Video ActiveX Control vulnerability

Share this article:
Microsoft has issued a security advisory over the Video ActiveX Control vulnerability.

Writing on the Security Response Centre blog, Microsoft's Christopher Budd claimed that the company was ‘aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.'

The vulnerability would allow an attacker, who successfully exploited this vulnerability, to gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

The advisory claimed that the investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer.

Budd said: “Therefore, we're recommending that all customers go ahead and implement the workaround outlined in the Security Advisory: setting all killbits associated with this particular control.

“While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we are recommending that they also set these killbits as a defense-in-depth measure. Once that killbit is set, any attempt by malicious websites to exploit the vulnerability would not succeed.”

US-CERT encouraged users and administrators to review Microsoft Security Advisory 972890 and to implement the workaround listed in the advisory. This workaround will help mitigate the risks until a patch or update is released by the vendor.

Atif Mushtaq at the FireEye Malware Intelligence Lab claimed that in the coming days, more malware will be seen that pairs up with this exploit and that things will continue to get worse until Microsoft comes up with a patch. He also claimed that a huge spike of malware has already been seen since the exploit was made public.
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

PCI Security Standards Forum warns on Backoff malware

PCI Security Standards Forum warns on Backoff malware

Malware around since last year, but only now visible to anti-virus security software.

Hundreds of Norwegian energy companies hit by cyber-attacks

Hundreds of Norwegian energy companies hit by cyber-attacks

Approximately 300 oil and energy companies in Norway have been hit by one of the biggest cyber-attacks ever to have happened in the country, a government official is reported to ...

US-Russia relations may spill over into cyberspace

US-Russia relations may spill over into cyberspace

Pro-Russian hackers may be taking a leaf out of their Chinese counterparts. They are alleged to have systematically attacked the servers of US banks, and allied financial organisations, since the ...