Internet Explorer Vulnerability Fix - gHacks Tech News

Internet Explorer Vulnerability Fix

Microsoft has released a security advisory about a vulnerability in Microsoft Video ActiveX Control which can be exploited remotely in Internet Explorer.

The vulnerability advisory states that Microsoft is aware that attackers are trying to exploit the vulnerability which means that users of the browser may be exposed to attacks when they use it on the Internet.

Internet Explorer users are therefor advised to fix the vulnerability as soon as possible to prevent possible attacks on their computer system.

The security vulnerability affects only Windows XP and Windows Server 2003 systems. Computer systems running Windows Vista, Windows Server 2008 or Windows 7 are not affected because "the ability to pass data to this control within Internet Explorer" is restricted in these operating systems.

internet explorer vulnerabilityA successful attack will give the attacker the same user rights as the currently logged in user. Microsoft has issued a workaround for the Internet Explorer vulnerability that can be applied manually or using Microsoft Fix It.

The fastest way to patch the security vulnerability is to use the Microsoft Fix It script that will perform all the actions of the workaround automatically. The fix will basically remove support for the ActiveX Control in Internet Explorer. This should not have any impact on the web browser's functionality according to Microsoft.

Update: Microsoft has released a security bulletin that addresses the vulnerability. Users who run operating systems affected by it should install the update to protect it from harm.

This can be done by using Windows Update to do so or by downloading the patch files manually from Microsoft instead.

Additional information about the vulnerability, affected operating systems and ways to patch the system are available on the Microsoft Technet website.

As Microsoft stated previously, only CP and Server 2003 and older operating systems are affected by the issue while all newer versions of Windows are not.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Eric Caron said on July 7, 2009 at 3:39 pm
    Reply

    I recently discovered a 100% reproducible IE-crash bug (http://crashie8.com) that doesn’t involve any javascript or ActiveX – just HTML & CSS. Tried to let someone at Microsoft know – failed miserably! (@IE tweeted to me at https://twitter.com/IE/status/2428521479 and there was a fruitless discussion I started on MSDN at http://twurl.nl/5wz42r).

    Long story short, I’ll never think ill of black-hats who publicly disclose vulnerabilities or crashes of Microsoft products – Microsoft makes it impossible to privately disclose these issues, and there is no other way to know that it even made their radar.

  2. paulus said on July 7, 2009 at 7:17 pm
    Reply

    Great find thanks a mil.

  3. Taco said on July 7, 2009 at 8:01 pm
    Reply

    Thanks but if we don’t use IE as our main browser could we just wait for a patch through MS Updates?

  4. Zim said on July 7, 2009 at 9:31 pm
    Reply

    The best patch for IE security is http://getfirefox.com

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.