ActiveX Security Hole Stumps Microsoft
The recent report of a security hole in Microsoft's Video ActiveX Control appears to have the Redmond-based company stumped. According to insiders, Microsoft is investigating a flaw that targets a component it didn't even realize was still being used.
Security reports suggest that the vulnerability has already been exploited and that a solution must be produced by Microsoft as soon as possible. The company is investigating and promises to have a fix soon, but in the meantime has revealed that only select operating systems, including Windows XP and Windows Server 2003, are affected. Users of Windows Vista and Windows Server 2008 have escaped harm, but Microsoft is recommending that even these people perform the workaround described below or pay attention to news of a security update. (Source: cnet.com)
"No By-Design Uses..."
Microsoft was caught off guard because few systems still use the ActiveX Control being targeted. In a statement, the company said that there are "no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control."
The threat is significant for those vulnerable. According to Microsoft, those using Internet Explorer could be susceptible to remote code execution -- in other words, if a hacker knows what they're doing, they could take over a user's computer completely. It's a sinister and ingenious plan, and it may not require any user intervention once the process has started. (Source: tgdaily.com)
Workaround Available
Those who can't wait for the fix are instructed to apply a workaround that involves editing the Windows Registry with the Windows Registry Editor. The workaround sets a kill bit for 45 different CLSIDs, or Class Identifiers. Microsoft's guide to this process can be found here, but be warned: this is for advanced users only.
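To check that the workaround actually took effect on a machine, the sketch below (an added example, not Microsoft's guide or this site's code) audits a registry export for the kill bit and builds a .reg fragment for any CLSID still missing it. The kill bit is the 0x400 value in "Compatibility Flags" under the ActiveX Compatibility key; the three CLSIDs and the sample export are constructed placeholders, since this article does not list the 45 identifiers.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE from instantiating a control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Placeholder CLSIDs (assumption): substitute the 45 identifiers from Microsoft's advisory.
REQUIRED = [
    "{00000000-0000-0000-0000-000000000001}",
    "{00000000-0000-0000-0000-000000000002}",
    "{00000000-0000-0000-0000-000000000003}",
]

# Constructed sample of exported registry text: the first key has the kill bit,
# the second has only an unrelated (arbitrary) bit set, the third key is absent.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00800000
'''

def parse_flags(export_text):
    """Return {CLSID (upper case): Compatibility Flags value} from .reg export text."""
    flags, current = {}, None
    for line in (raw.strip() for raw in export_text.splitlines()):
        if line.startswith("["):
            m = re.fullmatch(r"\[(.+)\\(\{[0-9A-Fa-f-]{36}\})\]", line)
            in_base = m is not None and m.group(1).lower() == BASE.lower()
            current = m.group(2).upper() if in_base else None
            if current:
                flags.setdefault(current, 0)
        elif current:
            v = re.fullmatch(r'"Compatibility Flags"=dword:([0-9A-Fa-f]{8})', line)
            if v:
                flags[current] = int(v.group(1), 16)
    return flags

def missing_kill_bits(export_text, required=REQUIRED):
    """List required CLSIDs whose key is absent or lacks the kill bit."""
    flags = parse_flags(export_text)
    return [c for c in required if not flags.get(c.upper(), 0) & KILL_BIT]

def reg_fix(export_text, required=REQUIRED):
    """Build a .reg fragment that ORs the kill bit into each missing entry's flags."""
    flags = parse_flags(export_text)
    out = ["Windows Registry Editor Version 5.00", ""]
    for c in missing_kill_bits(export_text, required):
        value = flags.get(c.upper(), 0) | KILL_BIT  # keep any flags already set
        out += [f"[{BASE}\\{c}]", f'"Compatibility Flags"=dword:{value:08x}', ""]
    return "\r\n".join(out)
```

ORing the bit into the existing value, rather than overwriting it with 00000400, preserves any other compatibility flags already recorded for that control.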
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years' experience; I also run this website! If you need technical assistance, I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).