Microsoft warns of vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll - Fix available


Microsoft warned of a vulnerability in Microsoft Video ActiveX Control that could allow an attacker to run code as the logged-on user if the user browses to a malicious site. There’ve been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003.

In the meantime, our investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer. Therefore, we’re recommending that all customers go ahead and implement the workaround outlined in the Security Advisory: setting all killbits associated with this particular control. While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we are recommending that they also set these killbits as a defense-in-depth measure. Once that killbit is set, any attempt by malicious websites to exploit the vulnerability would not succeed, said Microsoft in Security Advisory 972890.

Click Here To Kill-Bit MSVidCtl
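A way to verify the workaround after it is deployed, as an added example that is not from Microsoft's advisory or the original post: a kill bit is the 0x400 bit of the `Compatibility Flags` DWORD under the control's CLSID in Internet Explorer's `ActiveX Compatibility` registry key, and this script reads a `reg export` of that key and lists the CLSIDs that still lack it. The CLSIDs and the export text below are constructed placeholders; the real CLSID list comes from Security Advisory 972890.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE from instantiating the control
COMPAT_KEY = r"\Internet Explorer\ActiveX Compatibility" + "\\"
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')

def parse_flags(reg_text):
    """Map (view, CLSID) -> Compatibility Flags value found in decoded .reg text."""
    found, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            key = m.group("key")
            current = None
            if COMPAT_KEY.lower() in key.lower():
                # 32-bit IE on 64-bit Windows reads the Wow6432Node copy of the key.
                view = "32-bit" if "\\wow6432node\\" in key.lower() else "native"
                current = (view, key.rsplit("\\", 1)[1].upper())
            continue
        m = FLAGS.match(line)
        if m and current:
            found[current] = int(m.group("hex"), 16)
    return found

def missing_killbits(reg_text, clsids, views=("native",)):
    """Return sorted (view, CLSID) pairs whose kill bit is absent or not set."""
    found = parse_flags(reg_text)
    # Test the bit, not equality: other compatibility flags may be set alongside it.
    return sorted((view, c.upper()) for view in views for c in clsids
                  if not found.get((view, c.upper()), 0) & KILL_BIT)

# Constructed sample: placeholder CLSIDs, not the ones listed in the advisory.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00800400
"""
WANTED = ["{00000000-0000-0000-0000-00000000000%s}" % x for x in "ABC"]

if __name__ == "__main__":
    print(missing_killbits(SAMPLE_EXPORT, WANTED, views=("native", "32-bit")))
```

Files written by regedit in the 5.00 format are UTF-16, so decode them before passing the text in.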