Microsoft Advisory and workaround for 0 day exploit of MPEG2TuneReque

(imported topic written by jpeppers91)

Will Bigfix be releasing a patch for this vulnerability…

http://support.microsoft.com/kb/972890

(imported comment written by NoahSalzman)

From: Announcements for BES Administrators besadmin-announcements@bigmail.bigfix.com

Reply-To: besadmin-announcements@bigmail.bigfix.com

Date: Tue, 07 Jul 2009 22:57:13 -0700

To: Announcements for BES Administrators besadmin-announcements@bigmail.bigfix.com

Subject:

BESAdmin-Announcements

Microsoft Security Advisory 972890: Vulnerability in Microsoft Video ActiveX Control

Microsoft has released Security Advisory 972890 to warn customers of a publicly known and actively exploited vulnerability in Microsoft Video ActiveX Control. This vulnerability could potentially allow an attacker to inherit the same user rights as the local user on a Windows XP or Windows Server 2003 computer.

BigFix has released content in the “Patches for Windows” Fixlet sites that will allow users to set a “kill bit” for the affected ActiveX control, disabling the vulnerable functionality as detailed in the Microsoft advisory. Once a patch is available for this vulnerability, BigFix will make this available as well.

Additional information on this vulnerability is available from Microsoft at:

http://www.microsoft.com/technet/security/advisory/972890.mspx

The following Fixlet messages are now available:

ID 97289001: “Security Advisory 972890: Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution - Windows Server 2003 SP2”

ID 97289003: “Security Advisory 972890: Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution - Windows XP SP2/SP3”

ID 97289005: “Security Advisory 972890: Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution - Windows Server 2003 SP2 (x64)”

ID 97289007: “Security Advisory 972890: Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution - Windows XP SP2 (x64)”

BigFix Product Team

Check out the BigFix User Forum at http://forum.bigfix.com


Besadmin-announcements mailing list

Besadmin-announcements@bigmail.bigfix.com

http://bigmail.bigfix.com/mailman/listinfo/besadmin-announcements