Disclaimer: This news item was originally posted on Tuesday, Jul 7, 2009. Its content may no longer be timely or accurate.

Microsoft Video ActiveX Control Vulnerability Alert

Posted: 06:35:29, Tuesday, Jul 7, 2009   Expiration: 06:35:29, Tuesday, Jul 14, 2009  

An unpatched vulnerability in the Microsoft Video ActiveX control is being used in attacks on Windows XP and Windows Server 2003 systems. An attacker who successfully exploits this vulnerability can gain the same user rights as the local user.

The following systems are affected:

  • Microsoft Windows XP
  • Microsoft Windows Server 2003
Users can prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either by manually implementing the workarounds noted below or automatically using the solution found in Microsoft Security Advisory (972890). By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.

If you have a local IT administrator, please check with that person before making any changes to your work computer.

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it’s available. For more details, see the Microsoft Security Advisory (972890).

If you have questions, contact the DoIT Help Desk or call (608) 264-HELP (4357).

-- Meg McCall

Created: 06:42:35, Tuesday, Jul 7, 2009 (by Leah S.)
Updated: 09:32:45, Wednesday, Jul 8, 2009 (by System U.)