By Susan Bradley
A malware attack masquerading as a video file targets Windows XP and Server 2003 users who visit infected sites.
Microsoft has issued a workaround for the exploit and made it available on the company’s support site, although it’s uncertain when a patch for the vulnerability will be available.
ActiveX control used in zero-day IE attacks
A zero-day attack against Internet Explorer targets a vulnerable video ActiveX control to execute malicious code on the system remotely. Merely browsing to an infected site can trigger the attack and install malware on your machine. The good news is that there are two ways to protect yourself from the exploit.
The first is a “Fix it” solution that you can access via Microsoft Knowledge Base article 972890. (See Figure 1.) The vulnerability affects only Windows XP and Windows Server 2003, but the fix can also be applied to PCs running Vista or Server 2008. Microsoft’s security advisory recommends that Vista and Server 2008 users deactivate the ActiveX control in IE as a “defense-in-depth measure.”
Figure 1. Microsoft offers a one-click workaround that enables or disables the vulnerable IE ActiveX control.
Use OpenDNS to block sites affected by the hole
If you don’t want to install the workaround and instead want to wait for the actual patch, you can keep a close eye on Incidents.org’s list of the Web sites being used to launch the attacks. Keep in mind that we don’t know when the actual patch will be available. In fact, we’re still waiting for the patch for the DirectShow hole described in Microsoft security advisory 971778. Microsoft wasn’t quite ready to release that fix in time for the June 2009 Patch Tuesday.
So far, I’m still in wait-and-see mode for the ActiveX exploit because the domains listed by Incidents.org are not ones that I or my family would normally surf to. If I subsequently see a URL listed that I think I — or someone whose PC I manage — might visit, I’ll use the custom settings in OpenDNS to block those sites for all the PCs I control. (See Figure 2.) Today’s Top Story offers more information on using OpenDNS to browse safely.