Microsoft Security Advisory (972890)

Discussion in 'Internet Explorer' started by MaryBeth, Jul 10, 2009.

  1. MaryBeth

    MaryBeth Guest

    Has anyone applied the changes to Internet Explorer 7.0.5730.13IC as advised
    in this alert? It appears someone has managed to exploit a vulnerability in
    Microsoft Video ActiveX Control. Though the advisory states it is not
    necessary for the operation of IE 7 & below, some websites, especially game
    sites, rely on it. The file msvidctl.dll is the target of the attack. The
    workaround suggests disabling all DirectX scripting within IE 7 until a patch
    is developed. Would it be OK to enable DirectX scripting while on a game site
    and then disable it when on the web?
    Thanks -- MaryBeth
     
    MaryBeth, Jul 10, 2009
    #1

  2. No. Too easy to forget to turn it off after - or before visiting a risky
    site.

    1. Click the Internet Zone (bottom right of the browser)
    2. Click Internet Icon
    3. Click Custom Level... button
    4. Disable everything not vital to loading an honest document (i.e. that could
    facilitate an infection: e.g. scripting, Java, VBScript, ActiveX, .NET, XAML,
    binary behaviours, etc.)

    Once this lot is set, none of the web pages that rely on hacking into your
    computer to make their functionality work will be able to do so - including
    the banks, escrows, and your game sites. So the next step is to add those
    sites you trust to your trusted sites list:

    1. Click the Internet Zone (bottom right of the browser)
    2. Click Trusted Icon
    3. Add the site you trust
    4. You may need to untick the HTTPS box

    This ensures that only those sites you trust can access your browser API and
    that of the Win32 Host while all others are denied.

    Having said this, the person who set up the custom level security options
    doesn't know the difference between a program launch and a program
    download - so if you want to be able to download any programs (e.g. shareware,
    some value added programs, and certain updates) at all you will need to make
    sure that the "Launching applications and unsafe files" option under
    "Miscellaneous" is set to "Prompt". It is vital to your computer's security
    that you make sure that this option is not set to "enable" or programs
    (including self loading viruses) will be able to install without your
    consent.

    This is how I kept the cybercriminals out of a Win98 system for more than
    ten years.

    Good luck
     
    Timothy Casey, Jul 10, 2009
    #2
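
A read-only check of the Internet zone settings described in the post above, as an added example that is not part of the original thread. It assumes the per-user zone settings live under the standard `Zones\3` key for the current user and maps each option to its URL action number; the expected values follow the post (scripting and ActiveX disabled, launching applications set to Prompt).

```powershell
# Added example: audit the current user's Internet zone (zone 3) against the
# settings recommended in the post above. Reads the registry only.
# Assumption: no Group Policy is in force; a policy can override these values.
# Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action number -> option name as shown in Custom Level, and wanted value.
$expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';        Want = 3 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';      Want = 3 }
    '1200' = @{ Name = 'Run ActiveX controls and plug-ins';       Want = 3 }
    '1400' = @{ Name = 'Active scripting';                        Want = 3 }
    '2000' = @{ Name = 'Binary and script behaviors';             Want = 3 }
    '1806' = @{ Name = 'Launching applications and unsafe files'; Want = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneAction {
    param([string]$Action)
    # Returns the DWORD for one URL action, or $null when the value is absent.
    $props = Get-ItemProperty -Path $zoneKey -Name $Action -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return [int]$props.$Action
}

$report = foreach ($action in $expected.Keys) {
    $actual = Get-ZoneAction -Action $action
    $current = if ($null -eq $actual) { 'not set' }
               elseif ($label.ContainsKey($actual)) { $label[$actual] }
               else { "0x{0:X}" -f $actual }
    [pscustomobject]@{
        Action   = $action
        Setting  = $expected[$action].Name
        Current  = $current
        Expected = $label[$expected[$action].Want]
        Matches  = ($actual -eq $expected[$action].Want)
    }
}

$report | Format-Table -AutoSize

# Call out the one option the post says must never be left on Enable.
if ((Get-ZoneAction -Action '1806') -eq 0) {
    Write-Warning '"Launching applications and unsafe files" is set to Enable.'
}
```

Running the same loop against `Zones\2` shows what the Trusted sites zone allows for the sites added in the second list.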

  3. PA Bear [MS MVP], Jul 10, 2009
    #3
  4. Leonard Grey

    Leonard Grey Guest

    I rely on Microsoft Update to provide whatever updates are needed for my
    Microsoft software. I rely on my security software, not to mention my
    careful behavior on the internet, to protect me.
     
    Leonard Grey, Jul 10, 2009
    #4
  5. MaryBeth

    MaryBeth Guest

    Thank you everyone for your replies. I did read the TechNet blog announcing
    a patch would be available next Tuesday. 5 days without ActiveX scripting is
    a small price to pay for a hacked computer. I will also apply the
    adaptations you suggest Timothy, in IE. As always, your gems of wisdom,
    experience, & technical knowledge are greatly appreciated, gentlemen.
    ~MaryBeth
     
    MaryBeth, Jul 10, 2009
    #5
  6. Did you read KB972890? If you take advantage of that FixIt, it isn't
    necessary to disable ActiveX scripting.
     
    PA Bear [MS MVP], Jul 10, 2009
    #6