Tuesday, July 07, 2009

"Fix it" for Security Advisory 972890 and Infected Michael Jackson Videos

Microsoft released Security Advisory 972890, "Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution". This is a vulnerability in Microsoft Video ActiveX Control. Successful exploitation of this vulnerability could result in gaining the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

This vulnerability only affects Windows XP and Windows Server 2003. Windows Vista or Windows Server 2008 are not affected. Not surprisingly, there have been reports of fake Michael Jackson videos sent via e-mail or served on web pages that include malware using this known vulnerability.

Microsoft has issued a workaround that disables the Microsoft Video ActiveX Control automatically on a computer that is running Windows XP or Windows Server 2003. Home computer users using Windows XP are strongly encouraged to use the Microsoft Fix it solution in order to disable the ActiveX Control.

Click the Fix it image to access the workaround:

Microsoft Fix It

When a security update has been released for this vulnerability, a Microsoft Fix it workaround is also provided to disable the workaround.


References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: