Microsoft has released a security advisory about a vulnerability in Microsoft Video ActiveX Control which can be exploited remotely in Internet Explorer. The vulnerability advisory states that Microsoft is aware that attackers are trying to exploit the vulnerability. Internet Explorer users are therefor advised to fix the vulnerability as soon as possible to prevent possible attacks on their computer system.
The security vulnerability affects only Windows XP and Windows Server 2003 systems. Computer systems running Windows Vista, Windows Server 2008 or Windows 7 are not affected because “the ability to pass data to this control within Internet Explorer” is restricted in these operating systems.
A successful attack will give the attacker the same user rights as the currently logged in user. Microsoft has issued a workaround for the Internet Explorer vulnerability that can be applied manually or using Microsoft Fix It.
The fastest way to patch the security vulnerability is to use the Microsoft Fix It script that will perform all the actions of the workaround automatically. The fix will basically remove support for the ActiveX Control in Internet Explorer. This should not have any impact on the web browser’s functionality according to Microsoft.
You Might Also Be Interested In
-
Microsoft Internet Explorer Security Update
-
Real Player Internet Explorer vulnerability
-
New Security Vulnerability Affects Windows Operating Systems
-
Internet Explorer Clipboard Vulnerability
-
Adobe Fixes Critical Shockwave Vulnerability
-
Internet Explorer 8 Final
-
Uninstall Internet Explorer 8
-
Internet Explorer 8 To Be Distributed Via Automatic Updates
5 Responses to “Internet Explorer Vulnerability Fix”
Trackbacks/Pingbacks
-
[...] ghacks Alcuni articoli che potrebbero interessarti:I browser sono più veloci con Windows 7 Tutti ormai [...]
I recently discovered a 100% reproducible IE-crash bug (http://crashie8.com) that doesn’t involve any javascript or ActiveX – just HTML & CSS. Tried to let someone at Microsoft know – failed miserably! (@IE tweeted to me at https://twitter.com/IE/status/2428521479 and there was a fruitless discussion I started on MSDN at http://twurl.nl/5wz42r).
Long story short, I’ll never think ill of black-hats who publicly disclose vulnerabilities or crashes of Microsoft products – Microsoft makes it impossible to privately disclose these issues, and there is no other way to know that it even made their radar.
Great find thanks a mil.
Thanks but if we don’t use IE as our main browser could we just wait for a patch through MS Updates?
The best patch for IE security is http://getfirefox.com