Disclaimer: This news item was originally posted on Tuesday, Jul 7, 2009. Its content may no longer be timely or accurate.
Microsoft Video ActiveX Control Vulnerability Alert
Posted: 05:35:29, Tuesday, Jul 7, 2009 Expiration: 05:35:29, Tuesday, Jul 14, 2009
The following systems are affected:
An unpatched vulnerability in the Microsoft Video ActiveX control is being used in attacks on Windows XP and Windows Server 2003 systems. An attacker who successfully exploits this vulnerability can gain the same user rights as the local user.
Users can prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either by manually implementing the workarounds noted below or automatically using the solution found in Microsoft Security Advisory (972890). By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.
- Microsoft Windows XP
- Microsoft Windows Server 2003
If you have a local IT administrator, please check with that person before making any changes to your work computer.
Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it’s available. For more details, see the Microsoft Security Advisory (972890).
If you have questions, contact the DoIT Help Desk or call (608) 264-HELP (4357).
-- Meg McCall
Created: 05:42:35, Tuesday, Jul 7, 2009 (by BHARRIS3)
Updated: 08:32:45, Wednesday, Jul 8, 2009 (by CAGROSSP)