Microsoft Security Advisory (972890)

Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as advised
in this alert? It appears someone has managed to exploit a vulnerability in
Microsoft Video ActiveX Control. Though the advisory states it is not
necessary for the operation of IE 7 & below, some websites especially game
sites rely on it. The file msvidctl.dll is the target of the attack. The
workaround suggests disabling all DirectX scripting within IE 7 until a patch
is developed. Would it be OK to enable DirectX scripting while in a gamesite
and then disabling it when on the web?
Thanks -- MaryBeth

"MaryBeth" <MaryBeth@discussions.microsoft.com> wrote in message
news:633D0546-B301-4ADE-8796-308083BF1F51@microsoft.com...
> Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as
> advised
> in this alert? It appears someone has managed to exploit a vulnerability
> in
> Microsoft Video ActiveX Control. Though the advisory states it is not
> necessary for the operation of IE 7 & below, some websites especially game
> sites rely on it. The file msvidctl.dll is the target of the attack. The
> workaround suggests disabling all DirectX scripting within IE 7 until a
> patch
> is developed. Would it be OK to enable DirectX scripting while in a
> gamesite
> and then disabling it when on the web?
> Thanks -- MaryBeth

No. too easy to forget to turn it off after - or before visiting a risky
site.

1. Click the Internet Zone (bottom right of the browser)
2. Click Internet Icon
3. Click Custom Level... button
4. Disable everything not vital to loading an honest document (IE that could
facilitate an infection: eg. scripting, Java, VBScript, ActiveX, .NET, XAML,
binary behaviours, etc.)

Once this lot is set, none of the web pages that rely on hacking into your
computer to make their functionality work will be able to do so - including
the banks, escrows, and your game sites. So the next step is to add those
sites you trust to your trusted sites list:

1. Click the Internet Zone (bottom right of the browser)
2. Click Trusted Icon
3. Add the site you trust
4. You may need to untick the HTTPS box

This ensures that only those sites you trust can access your browser API and
that of the Win32 Host while all others are denied.

Having said this, the person who set up the custom level security options
doesn't know the difference between a program launch and a program
download - so if you want to be able to download any programs (eg shareware,
some value added programs, and certain updates) at all you will need to make
sure that the: "Launching applications and unsafe files" option under
"Miscellaneous" is set to "Prompt". It is vital to your computer's security
that you make sure that this option is not set to "enable" or programs
(including self loading viruses) will be able to install without your
consent.

This is how I kept the cybercriminals out of a Win98 system for more than
ten years.

Good luck

--
Timothy Casey - Email: 5th-prime-number@timothycasey.info
Software: http://software-1011.com; Scientific IQ Test, Web Menus, Security
http://web-design-1011.com http://speed-reading-comprehension.com
Science & Geology: http://geologist-1011.com; http://geologist-1011.net

Please see http://support.microsoft.com/kb/972890

NB: MS CSS tells me that the FixIt is for Vista and Windows 2008, as well,
and recommends those running those OSS use it, too (despite what
http://www.microsoft.com/technet/sec...ry/972890.mspx may say about
those OSS).

PS: It's a Windows vulnerability which involves IE.

More about this here:
http://blogs.technet.com/msrc/archiv...ry-972890.aspx
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


MaryBeth wrote:
> Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as
> advised
> in this alert? It appears someone has managed to exploit a vulnerability
> in
> Microsoft Video ActiveX Control. Though the advisory states it is not
> necessary for the operation of IE 7 & below, some websites especially game
> sites rely on it. The file msvidctl.dll is the target of the attack. The
> workaround suggests disabling all DirectX scripting within IE 7 until a
> patch is developed. Would it be OK to enable DirectX scripting while in a
> gamesite and then disabling it when on the web?
> Thanks -- MaryBeth

I rely on Microsoft Update to provide whatever updates are needed for my
Microsoft software. I rely on my security software, not to mention my
careful behavior on the internet, to protect me.
---
Leonard Grey
Errare humanum est

MaryBeth wrote:
> Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as advised
> in this alert? It appears someone has managed to exploit a vulnerability in
> Microsoft Video ActiveX Control. Though the advisory states it is not
> necessary for the operation of IE 7 & below, some websites especially game
> sites rely on it. The file msvidctl.dll is the target of the attack. The
> workaround suggests disabling all DirectX scripting within IE 7 until a patch
> is developed. Would it be OK to enable DirectX scripting while in a gamesite
> and then disabling it when on the web?
> Thanks -- MaryBeth

Thank you everyone for your replies. I did read the technet blog announcing
a patch would be available next Tuesday. 5 days without ActiveX scripting is
a small price to pay for a hacked computer. I will also apply the
adaptations you suggest Timothy, in IE. As always, your gems of wisdom,
experience, & technical knowledge are greatly appreciated, gentlemen.
~MaryBeth

Did you read KB972890? If you take advantage of that FixIt, it isn't
necessary to disable ActiveX scripting.

MaryBeth wrote:
> Thank you everyone for your replies. I did read the technet blog
> announcing
> a patch would be available next Tuesday. 5 days without ActiveX scripting
> is a small price to pay for a hacked computer. I will also apply the
> adaptations you suggest Timothy, in IE. As always, your gems of wisdom,
> experience, & technical knowledge are greatly appreciated, gentlemen.
> ~MaryBeth