SLAC Computer Security Awareness and Training

Zero Day Exploit for Microsoft Video ActiveX Control

 

 For the non-centrally managed Windows computers

 


If you have a Windows computer that is not centrally managed, you should read Microsoft Security Advisory 972890.

Here is a summary of the article:

Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.

We are aware of attacks attempting to exploit the vulnerability.

Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer using all the Class Identifiers listed in the Workaround section of the advisory. Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure.

Customers may prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either manually using the instructions in the Workaround section of the advisory or automatically using the solution found in Microsoft Knowledge Base Article 972890 <http://support.microsoft.com/kb/972890>. By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) <http://www.microsoft.com/security/msrc/mapp/overview.mspx> to provide information that they can use to provide broader protections to customers.

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution.

Mitigating Factors
...
• In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.

• An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Recommendations

Review Microsoft Security Advisory 972890 for an overview of the issue, details on affected components, mitigating factors, suggested actions, frequently asked questions (FAQs), and links to additional resources.

Customers who believe they are affected can contact Customer Service and Support (CSS) in North America for help with security update issues or viruses at no charge using the PC Safety line (866) PCSAFETY. International customers can contact Customer Service and Support by using any method found at http://www.microsoft.com/protect/worldwide/default.mspx.


A workaround is available at http://support.microsoft.com/kb/972890.
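
To confirm the workaround took effect on a machine, the following check reports whether Internet Explorer's kill bit (the 0x400 bit of the "Compatibility Flags" value under the "ActiveX Compatibility" registry key) is set for each Class Identifier. It is an added example, not part of the advisory or of this page's original text; the CLSID in the list is a placeholder and must be replaced with the identifiers from the advisory's Workaround section.

```powershell
# Class Identifiers to verify. The entry below is a PLACEHOLDER, not a real CLSID:
# replace it with the list from the Workaround section of Advisory 972890.
$Clsids = @(
    '{00000000-0000-0000-0000-000000000000}'
)

# Internet Explorer will not instantiate a control whose flags include this bit.
$KillBit = 0x400

# Native registry view, plus the view read by 32-bit IE on 64-bit Windows.
$Roots = @{
    'native' = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitStatus {
    param([string[]]$ClassIds)
    foreach ($view in $Roots.Keys) {
        $root = $Roots[$view]
        # The Wow6432Node view does not exist on 32-bit Windows; skip it there.
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($clsid in $ClassIds) {
            $flags = $null
            $key = "$root\$clsid"
            if (Test-Path -LiteralPath $key) {
                $p = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                                      -ErrorAction SilentlyContinue
                if ($p) { $flags = $p.'Compatibility Flags' }
            }
            # A missing key or value means the control is still allowed to load.
            New-Object PSObject -Property @{
                View       = $view
                Clsid      = $clsid
                Flags      = $flags
                KillBitSet = ($flags -ne $null) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

$status = @(Get-KillBitStatus -ClassIds $Clsids)
$status | Format-Table View, Clsid, Flags, KillBitSet -AutoSize

$missing = @($status | Where-Object { -not $_.KillBitSet })
if ($missing.Count -gt 0) {
    Write-Warning "$($missing.Count) entries do not have the kill bit set."
    exit 1
}
```

Run it from an elevated or standard PowerShell prompt; reading these keys does not require administrative rights, and a non-zero exit code makes it usable from an inventory or compliance job.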

 

Owner: SLAC Computer Security
Page Created: 07/14/2009
Last Updated: 07/14/2009