[BESAdmin-Announcements] Microsoft Security Advisory 972890: Vulnerability in Microsoft Video ActiveX Control

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Tue Jul 7 22:57:13 PDT 2009


Microsoft has released Security Advisory 972890 to warn customers of a
publicly known and actively exploited vulnerability in Microsoft Video
ActiveX Control.  This vulnerability could potentially allow an attacker to
inherit the same user rights as the local user on a Windows XP or Windows
Server 2003 computer.
 
BigFix has released content in the ³Patches for Windows² Fixlet sites that
will allow users to set a ³kill bit² for the affected ActiveX control,
disabling the vulnerable functionality as detailed in the Microsoft
advisory. Once a patch is available for this vulnerability, BigFix will make
this available as well.

Additional information on this vulnerability is available from Microsoft at:
* http://www.microsoft.com/technet/security/advisory/972890.mspx
* 
http://blogs.technet.com/msrc/archive/2009/07/06/microsoft-security-advisory
-972890-released.aspx

The following Fixlet messages are now available:
* ID 97289001: ³Security Advisory 972890: Vulnerability in Microsoft Video
ActiveX Control Could Allow Remote Code Execution - Windows Server 2003 SP2²
* ID 97289003: ³Security Advisory 972890: Vulnerability in Microsoft Video
ActiveX Control Could Allow Remote Code Execution - Windows XP SP2/SP3²
* ID 97289005: ³Security Advisory 972890: Vulnerability in Microsoft Video
ActiveX Control Could Allow Remote Code Execution - Windows Server 2003 SP2
(x64)² 
* ID 97289007: ³Security Advisory 972890: Vulnerability in Microsoft Video
ActiveX Control Could Allow Remote Code Execution - Windows XP SP2 (x64)²

BigFix Product Team
Check out the BigFix User Forum at http://forum.bigfix.com 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20090707/d6dcbb32/attachment.htm 


More information about the Besadmin-announcements mailing list