Texas Tech University.
TTU Home IT Division IT Help Central

Microsoft Video ActiveX Control Vulnerability

NOTE: This announcment is no longer current and has been maintained only for archival purposes.

According to a recently announced Security Advisory from Microsoft, navigate to http://www.microsoft.com/technet/security/advisory/972890.mspx to read the announcement, Windows XP systems with Internet Explorer versions 6 and 7 are vulnerable to compromise if they access certain malicious or compromised websites. Typically, enticements to visit these infected websites come in the form of clickable internet ads and links included in spam e-mails.

All computers connected to the TTUnet network are protected from this vulnerability. In addition, Symantec Corp. provided a virus definition file on July 6th that includes protection for workstations running its Symantec Anti-Virus software.

For laptops and workstations outside the TTUnet network and not running Symantec Anti-Virus, the IT Division recommends installing the workaround provided by Microsoft. Their recommendations specify two options – manual and automatic; you may view the details by visiting http://support.microsoft.com/kb/972890. The IT Division recommends customers use the automatic option, also known as the “Fix it for me” or “Fix it” option. Instructions can be found below.

The IT Division will continue monitoring this vulnerability and the reported exploits across the Internet. We anticipate at some point that Microsoft will release a server-side patch, so that websites can no longer be configured to exploit the vulnerability.

As always, the IT Division recommends Safe Computing Practices, including:


Prevent the Microsoft Video ActiveX Control from running by following these instructions:

          NOTE: This does not affect users of Windows Vista or Windows Server 2008

STEP 1: Using Microsoft Internet Explorer, browse to http://support.microsoft.com/kb/972890.

STEP 2: Click Microsoft Fix it under Enable workaround.

          

STEP 3: When prompted to run or save the file, click Run.

          

STEP 4: If prompted again, choose Run.

          

STEP 5: Check I Agree, then click Next.

          

STEP 6: Click Close to finish the installation.