Softpedia
 

July 7th, 2009, 12:38 GMT

Kill-bit ActiveX Controls to Fix XP SP3 0-Day Critical Vulnerability

Microsoft has confirmed that it is aware of what Christopher Budd, security response communications lead for the company, referred to as limited, active attacks that exploited a zero-day Critical vulnerability affecting the Video ActiveX control. Budd pointed out that only users running Windows XP and Windows Server 2003 were at risk from exploits targeting the security flaw. According to the software giant, XP SP3 users are indeed affected by the issue. While providing information related to the vulnerability, the Redmond company is also delivering to users of Windows XP and Windows Server 2003 the means to automatically bulletproof their operating systems against attacks.

KB972890 contains a fix for the Video ActiveX control vulnerability. All that end users need to do is visit the specific knowledge base article, click the “Fix it” button and follow the instructions of the wizard. The fix is a mitigation put in place by the Redmond company because an update is not yet available. In addition to the “Fix it” solution, Microsoft is also providing a workaround that affected customers can run manually in order to ensure that their systems are safe from attacks. The specific steps that need to be taken are described in the Microsoft Security Advisory (972890) under the Workarounds section.

“Our investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer. Therefore, we recommend that all customers implement the workarounds outlined in the Security Advisory. While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we recommend that they also implement the workarounds as a defense-in-depth measure,” Budd explained. “A simple and effective workaround that can be automatically implemented is available in the Knowledge Base article for the advisory under the “Fix It For Me” section. If this doesn’t work in your environment, please reference the advisory for additional workarounds.”

The Redmond company explained that end users with vulnerable systems only had to be tricked into visiting a malformed website to get infected. No user interaction with a specially crafted webpage is necessary for a vulnerable machine to be infected. Budd stated that Microsoft “continues to investigate this vulnerability. Microsoft is currently working to develop a security update for this issue to address this vulnerability and will release it once it has reached an appropriate level of quality for broad distribution.”
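To confirm that the kill-bit workaround actually took effect, the following added example (not part of the original article or of Microsoft's advisory) audits a text export of the `ActiveX Compatibility` registry key and reports, per CLSID, whether the kill bit (`0x400` in the `Compatibility Flags` DWORD) is set. The CLSIDs and the sample export are constructed placeholders; the real class identifiers must be taken from the Workarounds section of the advisory, and the export is assumed to be already decoded to text.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that blocks IE from loading the control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEY_RE = re.compile(r"^\[(?P<path>.+)\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\]$")
VAL_RE = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9A-Fa-f]{8})$')

# Constructed sample export; the CLSIDs are placeholders, not the advisory's list.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + BASE + r"\{00000000-0000-0000-0000-000000000001}]",
    '"Compatibility Flags"=dword:00000400',   # kill bit only
    "[" + BASE + r"\{00000000-0000-0000-0000-00000000000A}]",
    '"Compatibility Flags"=dword:00800420',   # kill bit plus other flags
    "[" + BASE + r"\{00000000-0000-0000-0000-000000000003}]",
    '"Compatibility Flags"=dword:00000020',   # flags present, kill bit clear
    "[" + BASE + r"\{00000000-0000-0000-0000-000000000004}]",  # key with no value
])

def parse_flags(reg_text):
    """Map upper-cased CLSID -> Compatibility Flags (None if the value is absent)."""
    flags, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = KEY_RE.match(line)
            in_base = m and m.group("path").lower() == BASE.lower()
            current = m.group("clsid").upper() if in_base else None
            if current:
                flags.setdefault(current, None)
        elif current and (v := VAL_RE.match(line)):
            flags[current] = int(v.group("hex"), 16)
    return flags

def audit(reg_text, required):
    """Report kill-bit status for each required CLSID."""
    flags, report = parse_flags(reg_text), {}
    for clsid in required:
        value = flags.get(clsid.upper(), "absent")
        if value == "absent":
            report[clsid] = "missing-key"
        elif value is None:
            report[clsid] = "no-flags-value"
        else:
            # Bitwise test: other compatibility bits may share the DWORD.
            report[clsid] = "killed" if value & KILL_BIT else "not-killed"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE, ["{00000000-0000-0000-0000-000000000001}"]))
```

Any status other than `killed` means Internet Explorer can still instantiate that control on the audited machine.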
