IT on Campus

• Access to Campus IT Systems
• Advisory Groups
• Campus Projects
• Events
• IT Strategic Plan
• News
• Training

Microsoft Video ActiveX Control Vulnerability

Tuesday, July 07, 2009

An unpatched vulnerability in the Microsoft Video ActiveX control is being used in attacks. An attacker who successfully exploits this vulnerability can gain the same user rights as the local user. The following systems are affected:

• Microsoft Windows XP
• Microsoft Windows Server 2003

Users can prevent the Microsoft Video ActiveX Control from running in Internet Explorer, either by manually implementing workarounds or automatically using the solution found in Microsoft Knowledge Base Article 972890. By preventing the Microsoft Video ActiveX Control from running in Internet Explorer, there is no impact to application compatibility.

If you have a local IT administrator, please check with that person before making any changes to your work computer.

Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it's available. For more details, see the Microsoft Security Advisory (972890)

If you have questions, contact the DoIT Help Desk or call (608) 264-HELP (4357).