Microsoft warns of vulnerability in MPEG2TuneRequest ActiveX Control Object in msvidctl.dll - Fix available

Microsoft warned of a vulnerability in Microsoft Video ActiveX Control that could allow an attacker to to run code as the logged-on user if they browse to a malicious site. There’ve been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003. In the meantime, our investigation has shown that there are no by-design […]

Microsoft warned of a vulnerability in Microsoft Video ActiveX Control that could allow an attacker to to run code as the logged-on user if they browse to a malicious site. There’ve been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003. In the meantime, our investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer.  Therefore, we’re recommending that all customers go ahead and implement the workaround outlined in the Security Advisory: setting all killbits associated with this particular control. While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we are recommending that they also set these killbits as a defense-in-depth measure. Once that killbit is set, any attempt by malicious websites to exploit the vulnerability would not succeed, said Microsoft in Security Advisory 972890. Click Here To Kill-Bit MSVidCtl

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.