Microsoft Video ActiveX Control Vulnerability
|NOTE: This announcment is no longer current and has been maintained only for archival purposes.|
According to a recently announced Security Advisory from Microsoft, navigate to http://www.microsoft.com/technet/security/advisory/972890.mspx to read the announcement, Windows XP systems with Internet Explorer versions 6 and 7 are vulnerable to compromise if they access certain malicious or compromised websites. Typically, enticements to visit these infected websites come in the form of clickable internet ads and links included in spam e-mails.
All computers connected to the TTUnet network are protected from this vulnerability. In addition, Symantec Corp. provided a virus definition file on July 6th that includes protection for workstations running its Symantec Anti-Virus software.
For laptops and workstations outside the TTUnet network and not running Symantec Anti-Virus, the IT Division recommends installing the workaround provided by Microsoft. Their recommendations specify two options – manual and automatic; you may view the details by visiting http://support.microsoft.com/kb/972890. The IT Division recommends customers use the automatic option, also known as the “Fix it for me” or “Fix it” option. Instructions can be found below.
The IT Division will continue monitoring this vulnerability and the reported exploits across the Internet. We anticipate at some point that Microsoft will release a server-side patch, so that websites can no longer be configured to exploit the vulnerability.
As always, the IT Division recommends Safe Computing Practices, including:
- Do not open e-mail attachments unless you are certain of the sender’s identity and expecting the information;
- Do not click on links contained within an e-mail unless you are certain of the sender’s identity and expecting the information;
- Do not click on questionable advertisements or visit questionable internet sites;
- Keep your anti-Virus software updated with the latest updates and virus definition files; Symantec AntiVirus is available for download at http://eraider.ttu.edu at no cost to the University community; and
- Keep current on critical system updates:
NOTE: This does not affect users of Windows Vista or Windows Server 2008
STEP 1: Using Microsoft Internet Explorer, browse to http://support.microsoft.com/kb/972890.
STEP 2: Click Microsoft Fix it under Enable workaround.
STEP 3: When prompted to run or save the file, click Run.
STEP 4: If prompted again, choose Run.
STEP 5: Check I Agree, then click Next.
STEP 6: Click Close to finish the installation.