Microsoft has released a security advisory about a vulnerability in Microsoft Video ActiveX Control which can be exploited remotely in Internet Explorer. The vulnerability advisory states that Microsoft is aware that attackers are trying to exploit the vulnerability. Internet Explorer users are therefor advised to fix the vulnerability as soon as possible to prevent possible attacks on their computer system.
The security vulnerability affects only Windows XP and Windows Server 2003 systems. Computer systems running Windows Vista, Windows Server 2008 or Windows 7 are not affected because “the ability to pass data to this control within Internet Explorer” is restricted in these operating systems.
A successful attack will give the attacker the same user rights as the currently logged in user. Microsoft has issued a workaround for the Internet Explorer vulnerability that can be applied manually or using Microsoft Fix It.
The fastest way to patch the security vulnerability is to use the Microsoft Fix It script that will perform all the actions of the workaround automatically. The fix will basically remove support for the ActiveX Control in Internet Explorer. This should not have any impact on the web browser’s functionality according to Microsoft.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Microsoft Confirms Internet Explorer Vulnerability [Security]New Internet Explorer Vulnerability Confirmed
Microsoft Posts Advisory About New Internet Explorer Vulnerability
Microsoft Releases Internet Explorer 0-Day Vulnerability Fix-It
Old Internet Explorers Affected By Security Vulnerability
I recently discovered a 100% reproducible IE-crash bug (http://crashie8.com) that doesn’t involve any javascript or ActiveX – just HTML & CSS. Tried to let someone at Microsoft know – failed miserably! (@IE tweeted to me at https://twitter.com/IE/status/2428521479 and there was a fruitless discussion I started on MSDN at http://twurl.nl/5wz42r).
Long story short, I’ll never think ill of black-hats who publicly disclose vulnerabilities or crashes of Microsoft products – Microsoft makes it impossible to privately disclose these issues, and there is no other way to know that it even made their radar.
Great find thanks a mil.
Thanks but if we don’t use IE as our main browser could we just wait for a patch through MS Updates?
The best patch for IE security is http://getfirefox.com