This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Microsoft issues security advisory over Video ActiveX Control vulnerability

Share this article:
Microsoft has issued a security advisory over the Video ActiveX Control vulnerability.

Writing on the Security Response Centre blog, Microsoft's Christopher Budd claimed that the company was ‘aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.'

The vulnerability would allow an attacker, who successfully exploited this vulnerability, to gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

The advisory claimed that the investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer.

Budd said: “Therefore, we're recommending that all customers go ahead and implement the workaround outlined in the Security Advisory: setting all killbits associated with this particular control.

“While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we are recommending that they also set these killbits as a defense-in-depth measure. Once that killbit is set, any attempt by malicious websites to exploit the vulnerability would not succeed.”

US-CERT encouraged users and administrators to review Microsoft Security Advisory 972890 and to implement the workaround listed in the advisory. This workaround will help mitigate the risks until a patch or update is released by the vendor.

Atif Mushtaq at the FireEye Malware Intelligence Lab claimed that in the coming days, more malware will be seen that pairs up with this exploit and that things will continue to get worse until Microsoft comes up with a patch. He also claimed that a huge spike of malware has already been seen since the exploit was made public.
Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

New Androids will encrypt your data just like iPhones

New Androids will encrypt your data just like ...

Google has promised that the next generation of Android phones will automatically encrypt data - preventing police and other agencies snooping on their users.

Russian cyber attack exploits Scottish independence vote

Russian cyber attack exploits Scottish independence vote

UK oil firms warned to guard against new campaign as Russian malware exploits Scottish independende vote.

Card and banking fraud back on the rise again

Card and banking fraud back on the rise ...

Banking and card fraud back on the rise again says the FFA UK as crime increasingly moves online.