UPDATE: Microsoft has posted an emergency Fix It solution for this vulnerability as of late on 06 July 2009.
Microsoft posted today at the Microsoft Security Response Center (MSRC) concerning new attacks against a Microsoft Video Active X Control that impacts Windows XP and Server 2003 users. Security Advisory 972890 contains further details.
Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.
We have an investigation into this issue under way as part of our Software Security Incident Response Process (SSIRP) and are working to develop a security update to address the issue.
Microsoft reports they are actively working on a solution and will post one as soon as they have it. You can get updates on this from the advisory itself or the MSRC web site. Personally, I subscribe to their RSS feed because it is handy to be aware of these things in a timely manner.
If your really into the nitty-gritty details of these type of things then check out the New vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll entry at the Microsoft Security Research & Defense blog.
Related Posts
- Microsoft Releases Security Advisory Concerning HTTPS and TLS Vulnerability
- Microsoft Fixes Vulnerability Exposed by Google Engineer
- Windows Update Tuesday The August 08 Edition
- January 2011 Patch Tuesday Advance Security Bulletin Released
- Out of Band Security Update for Vulnerability in ASP.NET Being Released Today
Richard is the Owner of WindowsObserver.com and has been involved in tech for over 25 years. His first website – AnotherWin95.com – came online in 1995. Back then he used GeoCities Web Hosting for it and what you see here today is the result of the work he has continued on the site since 1995. In January 2010 his community contributions were recognized by Microsoft when he was awarded the Most Valuable Professional (MVP) Award for Windows Desktop Experience. In January 2011 he was renewed as a Microsoft MVP but in a new category called Windows Expert - Consumer and in January 2012 he received the award for the third time.
This post first appeared on WindowsObserver.com. If you enjoyed it please make sure you subscribe to the RSS feed and join our Facebook Fan Page to stay up to date.
Subscribe to
If U R running IE on Win Xp then hackers cn take ovr yr cmputr – http://bit.ly/zzJGH fix – http://bit.ly/159vvH @WinObs
Updated blog post: http://tinyurl.com/kpkucm – Concerning Attacks Against Windows XP and Windows Server 2003 Released – added link to Fix It
PLS RT! http://tinyurl.com/kpkucm – Security Advisory Concerning Attacks Against Windows XP and Windows Server 2003 Released
New blog post: Security Advisory Concerning Attacks Against Windows XP and Windows Server 2003 Released http://bit.ly/z3pCI
[...] Security Advisory Concerning Attacks Against Windows XP and Windows Server 2003 Released – July 6, 2009 [...]
On Twitter, Pallab De said: If U R running IE on Win Xp then hackers cn take ovr yr cmputr – http://bit.ly/zzJGH fix – http://bit.ly/159vvH @WinObs
More on Topsy.com
On Twitter, Windows Observer said: Updated blog post: http://tinyurl.com/kpkucm – Concerning Attacks Against Windows XP and Windows Server 2003 Released – added link to Fix It
More on Topsy.com
On Twitter, Windows Observer said: PLS RT! http://tinyurl.com/kpkucm – Security Advisory Concerning Attacks Against Windows XP and Windows Server 2003 Released
More on Topsy.com
On Twitter, Windows Observer said: New blog post: Security Advisory Concerning Attacks Against Windows XP and Windows Server 2003 Released http://bit.ly/z3pCI
More on Topsy.com