Microsoft Windows Vista Community Forums - Vistaheads
Microsoft Security Advisory (972890)

microsoft.public.internetexplorer.general






  #1 (permalink)  
Old 07-10-2009
MaryBeth
 

Posts: n/a
Microsoft Security Advisory (972890)
Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as advised
in this alert? It appears someone has managed to exploit a vulnerability in
Microsoft Video ActiveX Control. Though the advisory states it is not
necessary for the operation of IE 7 & below, some websites especially game
sites rely on it. The file msvidctl.dll is the target of the attack. The
workaround suggests disabling all DirectX scripting within IE 7 until a patch
is developed. Would it be OK to enable DirectX scripting while in a gamesite
and then disabling it when on the web?
Thanks -- MaryBeth
  #2 (permalink)  
Old 07-10-2009
Timothy Casey
 

Posts: n/a
Re: Microsoft Security Advisory (972890)
"MaryBeth" <MaryBeth@discussions.microsoft.com> wrote in message
news:633D0546-B301-4ADE-8796-308083BF1F51@microsoft.com...
> Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as advised
> in this alert? It appears someone has managed to exploit a vulnerability in
> Microsoft Video ActiveX Control. Though the advisory states it is not
> necessary for the operation of IE 7 & below, some websites especially game
> sites rely on it. The file msvidctl.dll is the target of the attack. The
> workaround suggests disabling all DirectX scripting within IE 7 until a patch
> is developed. Would it be OK to enable DirectX scripting while in a gamesite
> and then disabling it when on the web?
> Thanks -- MaryBeth


No. Too easy to forget to turn it off after - or before visiting a risky
site.

1. Click the Internet Zone (bottom right of the browser)
2. Click Internet Icon
3. Click Custom Level... button
4. Disable everything not vital to loading an honest document (i.e. that could
facilitate an infection: e.g. scripting, Java, VBScript, ActiveX, .NET, XAML,
binary behaviours, etc.)

Once this lot is set, none of the web pages that rely on hacking into your
computer to make their functionality work will be able to do so - including
the banks, escrows, and your game sites. So the next step is to add those
sites you trust to your trusted sites list:

1. Click the Internet Zone (bottom right of the browser)
2. Click Trusted Icon
3. Add the site you trust
4. You may need to untick the HTTPS box

This ensures that only those sites you trust can access your browser API and
that of the Win32 Host while all others are denied.

Having said this, the person who set up the custom level security options
doesn't know the difference between a program launch and a program
download - so if you want to be able to download any programs (e.g. shareware,
some value added programs, and certain updates) at all you will need to make
sure that the "Launching applications and unsafe files" option under
"Miscellaneous" is set to "Prompt". It is vital to your computer's security
that you make sure that this option is not set to "Enable" or programs
(including self loading viruses) will be able to install without your
consent.

This is how I kept the cybercriminals out of a Win98 system for more than
ten years.

Good luck

--
Timothy Casey - Email: 5th-prime-number@timothycasey.info
Software: http://software-1011.com; Scientific IQ Test, Web Menus, Security
http://web-design-1011.com http://speed-reading-comprehension.com
Science & Geology: http://geologist-1011.com; http://geologist-1011.net
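
An added example, not part of the post above: one way to check that the Internet zone settings described in that post actually took effect, by auditing the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"`. The sample output is constructed, and the five action IDs checked are a chosen subset of what the post lists (assumption: per-user settings, no Group Policy override).

```python
import re

# URL action IDs stored under ...\Internet Settings\Zones\3 (Internet zone)
# and the state the post's advice implies. 0 = Enable, 1 = Prompt, 3 = Disable.
# The subset audited here is this example's choice, not the poster's list.
EXPECTED = {
    "1200": ("Run ActiveX controls and plug-ins", 3),
    "1201": ("Initialize and script ActiveX controls not marked safe", 3),
    "1400": ("Active scripting", 3),
    "1405": ("Script ActiveX controls marked safe for scripting", 3),
    "1806": ("Launching applications and unsafe files", 1),
}
STATE = {0: "Enable", 1: "Prompt", 3: "Disable"}
LINE = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")

def parse_reg_query(text):
    """Return {action_id: int} from `reg query` output for one zone key."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # skips the key path and named values such as CurrentLevel
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit_zone(text):
    """List (action_id, setting, current state, wanted state) mismatches."""
    values = parse_reg_query(text)
    findings = []
    for action, (name, wanted) in EXPECTED.items():
        current = values.get(action)
        if current != wanted:
            shown = "not set" if current is None else STATE.get(current, hex(current))
            findings.append((action, name, shown, STATE[wanted]))
    return findings

# Constructed sample: ActiveX and "launching applications" left at Enable.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    CurrentLevel    REG_DWORD    0x0
    1200    REG_DWORD    0x0
    1201    REG_DWORD    0x3
    1400    REG_DWORD    0x3
    1405    REG_DWORD    0x0
    1806    REG_DWORD    0x0
"""

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE):
        print("%s %-55s is %s, want %s" % finding)
```

Running the same audit against `Zones\2` shows what the Trusted sites zone is allowed to do, which is the other half of the setup the post describes.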

  #3 (permalink)  
Old 07-10-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: Microsoft Security Advisory (972890)
Please see http://support.microsoft.com/kb/972890

NB: MS CSS tells me that the FixIt is for Vista and Windows 2008, as well,
and recommends those running those OSes use it, too (despite what
http://www.microsoft.com/technet/sec...ry/972890.mspx may say about
those OSes).

PS: It's a Windows vulnerability which involves IE.

More about this here:
http://blogs.technet.com/msrc/archiv...ry-972890.aspx
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


MaryBeth wrote:
> Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as advised
> in this alert? It appears someone has managed to exploit a vulnerability in
> Microsoft Video ActiveX Control. Though the advisory states it is not
> necessary for the operation of IE 7 & below, some websites especially game
> sites rely on it. The file msvidctl.dll is the target of the attack. The
> workaround suggests disabling all DirectX scripting within IE 7 until a
> patch is developed. Would it be OK to enable DirectX scripting while in a
> gamesite and then disabling it when on the web?
> Thanks -- MaryBeth


  #4 (permalink)  
Old 07-10-2009
Leonard Grey
 

Posts: n/a
Re: Microsoft Security Advisory (972890)
I rely on Microsoft Update to provide whatever updates are needed for my
Microsoft software. I rely on my security software, not to mention my
careful behavior on the internet, to protect me.
---
Leonard Grey
Errare humanum est

MaryBeth wrote:
> Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as advised
> in this alert? It appears someone has managed to exploit a vulnerability in
> Microsoft Video ActiveX Control. Though the advisory states it is not
> necessary for the operation of IE 7 & below, some websites especially game
> sites rely on it. The file msvidctl.dll is the target of the attack. The
> workaround suggests disabling all DirectX scripting within IE 7 until a patch
> is developed. Would it be OK to enable DirectX scripting while in a gamesite
> and then disabling it when on the web?
> Thanks -- MaryBeth

  #5 (permalink)  
Old 07-10-2009
MaryBeth
 

Posts: n/a
Re: Microsoft Security Advisory (972890)
Thank you everyone for your replies. I did read the technet blog announcing
a patch would be available next Tuesday. 5 days without ActiveX scripting is
a small price to pay for a hacked computer. I will also apply the
adaptations you suggest Timothy, in IE. As always, your gems of wisdom,
experience, & technical knowledge are greatly appreciated, gentlemen.
~MaryBeth
  #6 (permalink)  
Old 07-10-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: Microsoft Security Advisory (972890)
Did you read KB972890? If you take advantage of that FixIt, it isn't
necessary to disable ActiveX scripting.

MaryBeth wrote:
> Thank you everyone for your replies. I did read the technet blog announcing
> a patch would be available next Tuesday. 5 days without ActiveX scripting
> is a small price to pay for a hacked computer. I will also apply the
> adaptations you suggest Timothy, in IE. As always, your gems of wisdom,
> experience, & technical knowledge are greatly appreciated, gentlemen.
> ~MaryBeth

