Support Invite a friend ShareThis
Join Now Member Login
Home Groups Blogs Forums Survival Living Health My Jobs Job Search Union New Grad Our Book

Search result

Tags - vulnerability
Major security hole for Internet Explorer on XP. Fix it NOW!!
 
July 7, 2009July 7, 2009  0 comments  Security
Bookmark and Share

Microsoft departed from their typical Tuesday notification to warn about a major security hole on Monday the 6th.

If you are using Internet Explorer on XP or windows server 2003, you are vulnerable. If you are using Vista, you are OK. There are active attacks trying to take advantage of this hole.

There are no patches, but disabling part of the affected video software closes the hole.

Here is the Microsoft Knowledgebase article that shows how to do that: http://support.microsoft.com/kb/972890

If you don't consider yourself highly experienced with Windows, use the Fix it for me link. As a matter of fact, even if you consider yourself highly experienced, you should use the automated fix. If you are the brave kind and want to do it yourself, go ahead:

 

Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:

Prevent Microsoft Video ActiveX Control from running in Internet Explorer

Note See Microsoft Knowledge Base Article 972890 for information on how to implement this workaround automatically.

You can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in this article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

The following Class Identifiers relate to Microsoft Video ActiveX Control:

Class Identifier

{011B3619-FE63-4814-8A84-15A194CE9CE3}

{0149EEDF-D08F-4142-8D73-D23903D21E90}

{0369B4E5-45B6-11D3-B650-00C04F79498E}

{0369B4E6-45B6-11D3-B650-00C04F79498E}

{055CB2D7-2969-45CD-914B-76890722F112}

{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}

{15D6504A-5494-499C-886C-973C9E53B9F1}

{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}

{1C15D484-911D-11D2-B632-00C04F79498E}

{1DF7D126-4050-47F0-A7CF-4C4CA9241333}

{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}

{334125C0-77E5-11D3-B653-00C04F79498E}

{37B0353C-A4C8-11D2-B634-00C04F79498E}

{37B03543-A4C8-11D2-B634-00C04F79498E}

{37B03544-A4C8-11D2-B634-00C04F79498E}

{418008F3-CF67-4668-9628-10DC52BE1D08}

{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}

{577FAA18-4518-445E-8F70-1473F8CF4BA4}

{59DC47A8-116C-11D3-9D8E-00C04F72D980}

{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}

{823535A0-0318-11D3-9D8E-00C04F72D980}

{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}

{8A674B4C-1F63-11D3-B64C-00C04F79498E}

{8A674B4D-1F63-11D3-B64C-00C04F79498E}

{9CD64701-BDF3-4D14-8E03-F12983D86664}

{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}

{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}

{A2E3074E-6C3D-11D3-B653-00C04F79498E}

{A2E30750-6C3D-11D3-B653-00C04F79498E}

{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}

{AD8E510D-217F-409B-8076-29C5E73B98E8}

{B0EDF163-910A-11D2-B632-00C04F79498E}

{B64016F3-C9A2-4066-96F0-BD9563314726}

{BB530C63-D9DF-4B49-9439-63453962E598}

{C531D9FD-9685-4028-8B68-6E1232079F1E}

{C5702CCC-9B79-11D3-B654-00C04F79498E}

{C5702CCD-9B79-11D3-B654-00C04F79498E}

{C5702CCE-9B79-11D3-B654-00C04F79498E}

{C5702CCF-9B79-11D3-B654-00C04F79498E}

{C5702CD0-9B79-11D3-B654-00C04F79498E}

{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}

{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}

{D02AAC50-027E-11D3-9D8E-00C04F72D980}

{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}

{FA7C375B-66A7-4280-879D-FD459C84BB02}

Note The Class Identifiers and corresponding files where the ActiveX objects are contained are documented in the table above. Replace {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} below with the Class Identifier found in this table.

To set the kill bit for a CLSID with a value of {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}]
"Compatibility Flags"=dword:00000400

You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:

Group Policy collection

What is Group Policy Object Editor?

Core Group Policy tools and settings

Note You must restart Internet Explorer for your changes to take effect.

Impact of Workaround: There is no impact as long as the object is not intended to be used in Internet Explorer.
Bookmark and Share
Tags: microsoft security. vulnerability 

Description
Javed
Posts: 89
Comments: 20
A blog about job hunting: networking, resumes, use of thechnology
Categories
Uncategorized (6)
Money saving tips (8)
Online Jobsearch (10)
Job Search (33)
Tech news (1)
Money (3)
Funny (8)
Layoff Support (12)
Sports (3)
Security (2)
Interview (3)
Tags
11 job (11)
10 resume (10)
9 interview (9)
8 search (8)
7 funny (7)
7 money (7)
7 unemployment (7)
5 layoff (5)
5 jobs (5)
4 dilbert (4)
3 salary (3)
3 saving (3)
3 cartoon (3)
3 phone (3)
2 frugal (2)
2 overqualified (2)
2 save (2)
2 negotiation (2)
2 microsoft (2)
1 stress (1)
Support Contact Us About us Privacy Terms FAQ Invite a friend Bookmark
Copyright © 2010 Layoff Support Network