(imported topic written by tim_tsai)
Microsoft released Security Advisory 926043 on September 28th to warn users of a publicly known vulnerability in Windows Shell that is exposed by the Microsoft WebViewFolderIcon ActiveX Control (Web View). Microsoft is working on a security update currently scheduled for an October 10th release.
Two of Microsoft’s three suggested workarounds involve changing Internet Explorer’s Web content zone security settings to prompt before running ActiveX Controls or to disable ActiveX Controls completely. Various tasks and analyses are available in the “Security Policy Manager” site that allow you to modify and retrieve Web content zone security settings through BES.
The other suggested workaround sets the kill bit specifically for the WebViewFolderIcon Control by modifying the registry. Custom tasks that implement and undo this workaround are available to all BES customers and can be downloaded from the URL listed below. The .bes file can be imported into a BES 6.0 deployment by double-clicking on the file on a machine with the BES Console installed. Please contact BigFix Technical Support if you have any questions regarding this announcement.
Microsoft Security Advisory 926043: http://www.microsoft.com/technet/security/advisory/926043.mspx
.BES File for Kill Bit Workaround: http://support.bigfix.com/download/Advisory926043.bes
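To confirm the kill bit workaround on an endpoint, the following added example (not part of the original post or of the BigFix .bes tasks) audits `reg export` text for the kill bit, which is the 0x400 flag in the `Compatibility Flags` value under Internet Explorer's `ActiveX Compatibility` key. The CLSIDs in the sample are constructed placeholders; substitute the CLSID given in the Microsoft advisory.

```python
import re

KILL_BIT = 0x400  # Compatibility Flags bit that stops IE from instantiating the control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
KEY_RE = re.compile(re.escape(BASE) + r"\\(\{[0-9a-f-]{36}\})", re.IGNORECASE)
VAL_RE = re.compile(r'"Compatibility Flags"=dword:([0-9a-f]{8})', re.IGNORECASE)

def parse_compat_flags(reg_text):
    """Return {CLSID: Compatibility Flags} from .reg text, honouring [-key] deletions."""
    flags, clsid = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = KEY_RE.fullmatch(key.lstrip("-"))
            clsid = m.group(1).upper() if m else None
            if clsid and key.startswith("-"):   # an undo task deleting the key
                flags.pop(clsid, None)
                clsid = None
        elif clsid:
            m = VAL_RE.fullmatch(line)
            if m:
                flags[clsid] = int(m.group(1), 16)
    return flags

def kill_bit_state(reg_text, clsid):
    """Return 'set', 'not set' (key exists, bit clear) or 'missing' (no key)."""
    value = parse_compat_flags(reg_text).get(clsid.upper())
    if value is None:
        return "missing"
    return "set" if value & KILL_BIT else "not set"

# Constructed sample export; the CLSIDs are placeholders, not real controls.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"Compatibility Flags"=dword:00000400

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"""

if __name__ == "__main__":
    for n in range(1, 5):
        c = "{00000000-0000-0000-0000-00000000000%d}" % n
        print(c, kill_bit_state(SAMPLE, c))
```

A result of "not set" or "missing" for the advisory's CLSID means the workaround is not in effect on that machine, either because it was never applied or because the undo task was run.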