Microsoft Releases Workaround for Video ActiveX Vulnerability That Can Pwn Your PC
Posted 07/07/2009 at 5:40pm | by Mark Edward Soper
Microsoft rolls out workaround for Video ActiveX vulnerability in IE6, IE7
This week, Microsoft announced that DirectShow ActiveX code in Internet Explorer 6 and 7 that was reserved for future use has finally been used - by malware providers. The DirectShow Video ActiveX control in the msvidctr.dll file can be used to take over your system if you visit an infected website. According to Symantec, thousands of websites (primarily in China and other parts of Asia) have been affected.
Who's vulnerable? According to Microsoft Knowledge Base article 972890, Windows Server 2003, Windows XP SP2, Windows XP SP3, and Windows XP 64-bit edition are at risk if they haven't upgraded to IE8. IE8 is not vulnerable because the DirectShow ActiveX control being exploited was disabled in IE8. But, if you're still running IE7 (or - horrors! - IE6), what now?
Although Microsoft doesn't have a software patch, it's offering the next best thing: visit KB article 972890 to download and run Microsoft Fix it control 50287 to work around the problem (the same site also offers Microsoft Fix it control 50288 to disable the workaround).
or up date to IE8 and get Firefox