The Girl from Ipanema
July 8th, 2009, 11:49 am
Service(s) Affected: Windows XP Service Pack 2 and Windows XP Service Pack 3 (Home, Professional, and Media Center Editions)
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2 (Standard, Datacenter, and Enterprise Editions)
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems (Datacenter and Enterprise Editions)
News Details: Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution
Microsoft has released a security advisory concerning a Microsoft Video ActiveX control for Internet Explorer. If an attacker successfully exploits this vulnerability, they can gain the same rights as the logged on user. As many users log in to their machines with administrator rights, this means the remote attacker will also have Administrator rights if the attack is successful. Additionally, this attack can be crafted such that it requires no user interaction to implement, which means that the user will have no indication that the attack has occurred at all.
Additional Information: A workaround to disable the Microsoft Video ActiveX Control is available at http://support.microsoft.com/kb/972890.
This workaround requires Administrator rights on the machine to implement. It is recommended that this workaround be utilized even if a third-party browser is installed and used as the default browser.
Notes to Technicians: Microsoft has posted more detailed information in an advisory at http://www.microsoft.com/technet/security/advisory/972890.mspx.
It is recommended that this workaround be utilized even if a third-party browser is installed and used as the default browser.
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2 (Standard, Datacenter, and Enterprise Editions)
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems (Datacenter and Enterprise Editions)
News Details: Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution
Microsoft has released a security advisory concerning a Microsoft Video ActiveX control for Internet Explorer. If an attacker successfully exploits this vulnerability, they can gain the same rights as the logged on user. As many users log in to their machines with administrator rights, this means the remote attacker will also have Administrator rights if the attack is successful. Additionally, this attack can be crafted such that it requires no user interaction to implement, which means that the user will have no indication that the attack has occurred at all.
Additional Information: A workaround to disable the Microsoft Video ActiveX Control is available at http://support.microsoft.com/kb/972890.
This workaround requires Administrator rights on the machine to implement. It is recommended that this workaround be utilized even if a third-party browser is installed and used as the default browser.
Notes to Technicians: Microsoft has posted more detailed information in an advisory at http://www.microsoft.com/technet/security/advisory/972890.mspx.
It is recommended that this workaround be utilized even if a third-party browser is installed and used as the default browser.