News and Announcements

Microsoft Video ActiveX Control Vulnerability Alert

Posted: 2009-07-07 05:35:29   Expiration: 2009-07-14 05:35:29

Disclaimer: This news item was originally posted on 2009-07-07 05:35:29. Its content may no longer be timely or accurate.

An unpatched vulnerability in the Microsoft Video ActiveX control is being used in attacks on Windows XP and Windows Server 2003 systems. An attacker who successfully exploits this vulnerability can gain the same user rights as the local user.

The following systems are affected:

  • Microsoft Windows XP
  • Microsoft Windows Server 2003
Users can prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either by manually implementing the workarounds noted below or automatically using the solution found in Microsoft Security Advisory (972890). By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.

If you have a local IT administrator, please check with that person before making any changes to your work computer.

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it’s available. For more details, see the Microsoft Security Advisory (972890).

If you have questions, contact the DoIT Help Desk or call (608) 264-HELP (4357).

-- Meg McCall