
Second Vulnerability Discovered in Microsoft DirectShow ActiveX Component, Zero Day Attacks already Underway

Microsoft has released Security Advisory 972890 today describing the second vulnerability in a DirectX ActiveX component (msvidctl.dll). This is the second vulnerability reported against the DirectX ActiveX control (the original was reported on May 28, 2009 in advisory 971778). Microsoft recommends setting the killbit for the compromised media type in Internet Explorer (which also disables the ability to use the control for other valid content).

"Mitigating Factors" from the Advisory
  • Customers who are using Windows Vista or Windows Server 2008 are not affected because the ability to pass data to this control within Internet Explorer has been restricted.
  • By default, Internet Explorer on Windows Server 2003 and 2008 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted Web content on a server. This is a mitigating factor for Web sites that you have not added to the Internet Explorer Trusted sites zone. See also Managing Internet Explorer Enhanced Security Configuration.
  • By default, all supported versions of Microsoft Outlook and Microsoft Outlook Express open HTML e-mail messages in the Restricted sites zone. The Restricted sites zone helps mitigate attacks that could try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation of this vulnerability through the Web-based attack scenario.
  • In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
  • An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


Or, if you "un-spin" it ... Your users click a link, on that page there is a video crafted to exploit the vulnerability, and the attacker can get control of the PC with the same user rights as the logged-in user. It affects all versions of Windows except Vista and Server 2008 that have DirectX 9 installed. (It comes pre-installed.)

View the Security Advisory for the steps needed for protection, or if you need help, contact ZetaOne.
