Microsoft warns of serious security hole

Read the following and wonder what I should do? Does anyone know what we are
'supposed' to do?


Last update: July 7, 2009 - 6:07 AM
SAN JOSE, Calif. - Microsoft Corp. has taken the rare step of warning about
a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose
computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The
victims don't need to do anything to get infected except visit a Web site
that's been hacked.

Security experts say criminals have been attacking the vulnerability for
nearly a week. Thousands of sites have been hacked to serve up malicious
software that exploits the vulnerability. People are drawn to these sites by
clicking a link in spam e-mail.
The so-called "zero day" vulnerability disclosed by Microsoft affects a part
of its software used to play video. The problem arises from the way the
software interacts with Internet Explorer, which opens a hole for hackers to
tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its
software, which can be done from Microsoft's Web site, while the company
works on a "patch" — or software fix — for the problem.

Microsoft rarely departs from its practice of issuing security updates the
second Tuesday of each month. When the Redmond, Wash.-based company does
issue security reminders at other times, it's because the vulnerabilities are
very serious.

A recent example was the emergency patch Microsoft issued in October for a
vulnerability that criminals exploited to infect millions of PCs with the
Conficker worm. While initially feared as an all-powerful doomsday device,
that network of infected machines was eventually used for mundane moneymaking
schemes like sending spam and pushing fake antivirus software.

Seems like the authors of this story left out a lot of relevent information,
doesn't it?

"AliceZ" <AliceZ@discussions.microsoft.com> wrote in message
news:C8C6DF5D-00B5-45A1-877E-15327E7AF47C@microsoft.com...
: Read the following and wonder what I should do? Does anyone know what we
are
: 'supposed' to do?
:
:
: Last update: July 7, 2009 - 6:07 AM
: SAN JOSE, Calif. - Microsoft Corp. has taken the rare step of warning
about
: a serious computer security vulnerability it hasn't fixed yet.
:
: The vulnerability disclosed Monday affects Internet Explorer users whose
: computers run the Windows XP or Windows Server 2003 operating software.
:
: It can allow hackers to remotely take control of victims' machines. The
: victims don't need to do anything to get infected except visit a Web site
: that's been hacked.
:
: Security experts say criminals have been attacking the vulnerability for
: nearly a week. Thousands of sites have been hacked to serve up malicious
: software that exploits the vulnerability. People are drawn to these sites
by
: clicking a link in spam e-mail.
: The so-called "zero day" vulnerability disclosed by Microsoft affects a
part
: of its software used to play video. The problem arises from the way the
: software interacts with Internet Explorer, which opens a hole for hackers
to
: tunnel into.
:
: Microsoft urged vulnerable users to disable the problematic part of its
: software, which can be done from Microsoft's Web site, while the company
: works on a "patch" - or software fix - for the problem.
:
: Microsoft rarely departs from its practice of issuing security updates the
: second Tuesday of each month. When the Redmond, Wash.-based company does
: issue security reminders at other times, it's because the vulnerabilities
are
: very serious.
:
: A recent example was the emergency patch Microsoft issued in October for a
: vulnerability that criminals exploited to infect millions of PCs with the
: Conficker worm. While initially feared as an all-powerful doomsday device,
: that network of infected machines was eventually used for mundane
moneymaking
: schemes like sending spam and pushing fake antivirus software.
:

I agree. It looks like most hoaxes do in that Microsoft never releases such
information without a plan of action. Also, I haven't seen any mention of
this security hole anywhere else...

"Tom Willett" wrote:

> Seems like the authors of this story left out a lot of relevent information,
> doesn't it?
>
> "AliceZ" <AliceZ@discussions.microsoft.com> wrote in message
> news:C8C6DF5D-00B5-45A1-877E-15327E7AF47C@microsoft.com...
> : Read the following and wonder what I should do? Does anyone know what we
> are
> : 'supposed' to do?
> :
> :
> : Last update: July 7, 2009 - 6:07 AM
> : SAN JOSE, Calif. - Microsoft Corp. has taken the rare step of warning
> about
> : a serious computer security vulnerability it hasn't fixed yet.
> :
> : The vulnerability disclosed Monday affects Internet Explorer users whose
> : computers run the Windows XP or Windows Server 2003 operating software.
> :
> : It can allow hackers to remotely take control of victims' machines. The
> : victims don't need to do anything to get infected except visit a Web site
> : that's been hacked.
> :
> : Security experts say criminals have been attacking the vulnerability for
> : nearly a week. Thousands of sites have been hacked to serve up malicious
> : software that exploits the vulnerability. People are drawn to these sites
> by
> : clicking a link in spam e-mail.
> : The so-called "zero day" vulnerability disclosed by Microsoft affects a
> part
> : of its software used to play video. The problem arises from the way the
> : software interacts with Internet Explorer, which opens a hole for hackers
> to
> : tunnel into.
> :
> : Microsoft urged vulnerable users to disable the problematic part of its
> : software, which can be done from Microsoft's Web site, while the company
> : works on a "patch" - or software fix - for the problem.
> :
> : Microsoft rarely departs from its practice of issuing security updates the
> : second Tuesday of each month. When the Redmond, Wash.-based company does
> : issue security reminders at other times, it's because the vulnerabilities
> are
> : very serious.
> :
> : A recent example was the emergency patch Microsoft issued in October for a
> : vulnerability that criminals exploited to infect millions of PCs with the
> : Conficker worm. While initially feared as an all-powerful doomsday device,
> : that network of infected machines was eventually used for mundane
> moneymaking
> : schemes like sending spam and pushing fake antivirus software.
> :
>
>
>

There's nothing there to back up the claims, such as links to the
information supposedly posted by MS.

"Michael Barthelette" <Michael Barthelette@discussions.microsoft.com> wrote
in message news:2176EF2A-C4F4-45E0-A980-2D75FA02D790@microsoft.com...
:I agree. It looks like most hoaxes do in that Microsoft never releases
such
: information without a plan of action. Also, I haven't seen any mention of
: this security hole anywhere else...
:
: "Tom Willett" wrote:
:
: > Seems like the authors of this story left out a lot of relevent
information,
: > doesn't it?
: >
: > "AliceZ" <AliceZ@discussions.microsoft.com> wrote in message
: > news:C8C6DF5D-00B5-45A1-877E-15327E7AF47C@microsoft.com...
: > : Read the following and wonder what I should do? Does anyone know what
we
: > are
: > : 'supposed' to do?
: > :
: > :
: > : Last update: July 7, 2009 - 6:07 AM
: > : SAN JOSE, Calif. - Microsoft Corp. has taken the rare step of warning
: > about
: > : a serious computer security vulnerability it hasn't fixed yet.
: > :
: > : The vulnerability disclosed Monday affects Internet Explorer users
whose
: > : computers run the Windows XP or Windows Server 2003 operating
software.
: > :
: > : It can allow hackers to remotely take control of victims' machines.
The
: > : victims don't need to do anything to get infected except visit a Web
site
: > : that's been hacked.
: > :
: > : Security experts say criminals have been attacking the vulnerability
for
: > : nearly a week. Thousands of sites have been hacked to serve up
malicious
: > : software that exploits the vulnerability. People are drawn to these
sites
: > by
: > : clicking a link in spam e-mail.
: > : The so-called "zero day" vulnerability disclosed by Microsoft affects
a
: > part
: > : of its software used to play video. The problem arises from the way
the
: > : software interacts with Internet Explorer, which opens a hole for
hackers
: > to
: > : tunnel into.
: > :
: > : Microsoft urged vulnerable users to disable the problematic part of
its
: > : software, which can be done from Microsoft's Web site, while the
company
: > : works on a "patch" - or software fix - for the problem.
: > :
: > : Microsoft rarely departs from its practice of issuing security updates
the
: > : second Tuesday of each month. When the Redmond, Wash.-based company
does
: > : issue security reminders at other times, it's because the
vulnerabilities
: > are
: > : very serious.
: > :
: > : A recent example was the emergency patch Microsoft issued in October
for a
: > : vulnerability that criminals exploited to infect millions of PCs with
the
: > : Conficker worm. While initially feared as an all-powerful doomsday
device,
: > : that network of infected machines was eventually used for mundane
: > moneymaking
: > : schemes like sending spam and pushing fake antivirus software.
: > :
: >
: >
: >

Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code
Execution
http://www.microsoft.com/technet/se...ory/972890.mspx

Alice ... there is a O Day exploit of the above ActiveX control that is
currently being actively exploited.
The ActiveX control in question has *** no by-design uses for this
ActiveX Control in Internet Explorer ***
IOW, one should disable it's functionality ASAP as the control in
question has NO legitimate use. None.

This page contains a Fixit which can be run from the page or downloaded,
saved, and then applied to XP and Windows 2003 systems:

Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX
control could allow remote code execution
http://support.microsoft.com/kb/972890

There is also a Disable workaround Fixit on the same page.

I could speculate that since the ActiveX control in question has no
legitimate use that applying the Fixit will preclude having to install a
separate patch for this vulnerability BUT, the patch may be included in
a future IE Cumulative Security Update, or it may not.

IF a patch is released separately to address this vulnerability, then
the Fixit will preclude installing that *separate* patch.

However, if it is included in a Cumulative Security Update, then it may
be wise to run the Disable workaround Fixit to avoid an installation
issue with the Cumulative Sec update.


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============


AliceZ wrote:

> Read the following and wonder what I should do? Does anyone know what we are
> 'supposed' to do?
>
>
> Last update: July 7, 2009 - 6:07 AM
> SAN JOSE, Calif. - Microsoft Corp. has taken the rare step of warning about
> a serious computer security vulnerability it hasn't fixed yet.
>
> The vulnerability disclosed Monday affects Internet Explorer users whose
> computers run the Windows XP or Windows Server 2003 operating software.
>
> It can allow hackers to remotely take control of victims' machines. The
> victims don't need to do anything to get infected except visit a Web site
> that's been hacked.
>
> Security experts say criminals have been attacking the vulnerability for
> nearly a week. Thousands of sites have been hacked to serve up malicious
> software that exploits the vulnerability. People are drawn to these sites by
> clicking a link in spam e-mail.
> The so-called "zero day" vulnerability disclosed by Microsoft affects a part
> of its software used to play video. The problem arises from the way the
> software interacts with Internet Explorer, which opens a hole for hackers to
> tunnel into.
>
> Microsoft urged vulnerable users to disable the problematic part of its
> software, which can be done from Microsoft's Web site, while the company
> works on a "patch" — or software fix — for the problem.
>
> Microsoft rarely departs from its practice of issuing security updates the
> second Tuesday of each month. When the Redmond, Wash.-based company does
> issue security reminders at other times, it's because the vulnerabilities are
> very serious.
>
> A recent example was the emergency patch Microsoft issued in October for a
> vulnerability that criminals exploited to infect millions of PCs with the
> Conficker worm. While initially feared as an all-powerful doomsday device,
> that network of infected machines was eventually used for mundane moneymaking
> schemes like sending spam and pushing fake antivirus software.
>

I am really new to computers and in particular this problem. I am using WinXP
sp3 on my desktop with IE7 and two of my family are using the same on both of
their notebooks.
What should we do?
We looked at the "Fix It" page and it states that if you run the "Fix It"
work-around, it should fix your problem. What problem are they referring to?

Does everyone (who is using WinXP sp3) have to run this "Fix It" work-around?

I, and all my family, are completely confused and frightened that something
might be wrong with our computers.

Can someone please help and use non-technical terms.
Thank you.
Alice

=================
"MowGreen" wrote:

> Microsoft Security Advisory (972890)
> Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code
> Execution
> http://www.microsoft.com/technet/se...ory/972890.mspx
>
> Alice ... there is a O Day exploit of the above ActiveX control that is
> currently being actively exploited.
> The ActiveX control in question has *** no by-design uses for this
> ActiveX Control in Internet Explorer ***
> IOW, one should disable it's functionality ASAP as the control in
> question has NO legitimate use. None.
>
> This page contains a Fixit which can be run from the page or downloaded,
> saved, and then applied to XP and Windows 2003 systems:
>
> Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX
> control could allow remote code execution
> http://support.microsoft.com/kb/972890
>
> There is also a Disable workaround Fixit on the same page.
>
> I could speculate that since the ActiveX control in question has no
> legitimate use that applying the Fixit will preclude having to install a
> separate patch for this vulnerability BUT, the patch may be included in
> a future IE Cumulative Security Update, or it may not.
>
> IF a patch is released separately to address this vulnerability, then
> the Fixit will preclude installing that *separate* patch.
>
> However, if it is included in a Cumulative Security Update, then it may
> be wise to run the Disable workaround Fixit to avoid an installation
> issue with the Cumulative Sec update.
>
>
> MowGreen
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
> AliceZ wrote:
>
> > Read the following and wonder what I should do? Does anyone know what we are
> > 'supposed' to do?
> >
> >
> > Last update: July 7, 2009 - 6:07 AM
> > SAN JOSE, Calif. - Microsoft Corp. has taken the rare step of warning about
> > a serious computer security vulnerability it hasn't fixed yet.
> >
> > The vulnerability disclosed Monday affects Internet Explorer users whose
> > computers run the Windows XP or Windows Server 2003 operating software.
> >
> > It can allow hackers to remotely take control of victims' machines. The
> > victims don't need to do anything to get infected except visit a Web site
> > that's been hacked.
> >
> > Security experts say criminals have been attacking the vulnerability for
> > nearly a week. Thousands of sites have been hacked to serve up malicious
> > software that exploits the vulnerability. People are drawn to these sites by
> > clicking a link in spam e-mail.
> > The so-called "zero day" vulnerability disclosed by Microsoft affects a part
> > of its software used to play video. The problem arises from the way the
> > software interacts with Internet Explorer, which opens a hole for hackers to
> > tunnel into.
> >
> > Microsoft urged vulnerable users to disable the problematic part of its
> > software, which can be done from Microsoft's Web site, while the company
> > works on a "patch" — or software fix — for the problem.
> >
> > Microsoft rarely departs from its practice of issuing security updates the
> > second Tuesday of each month. When the Redmond, Wash.-based company does
> > issue security reminders at other times, it's because the vulnerabilities are
> > very serious.
> >
> > A recent example was the emergency patch Microsoft issued in October for a
> > vulnerability that criminals exploited to infect millions of PCs with the
> > Conficker worm. While initially feared as an all-powerful doomsday device,
> > that network of infected machines was eventually used for mundane moneymaking
> > schemes like sending spam and pushing fake antivirus software.
> >
>

AliceZ wrote:

> I am really new to computers and in particular this problem. I am using WinXP
> sp3 on my desktop with IE7 and two of my family are using the same on both of
> their notebooks.
> What should we do?
> We looked at the "Fix It" page and it states that if you run the "Fix It"
> work-around, it should fix your problem. What problem are they referring to?
>
> Does everyone (who is using WinXP sp3) have to run this "Fix It" work-around?
>
> I, and all my family, are completely confused and frightened that something
> might be wrong with our computers.
>
> Can someone please help and use non-technical terms.
> Thank you.
> Alice
>

This is as simple as I can possibly make it, Alice.

There's an Internet Explorer file that controls something. It is NEVER
for any legitimate purpose.
Some bad guys found out how to exploit a weakness in this file.

If you run the Fixit on the MS page there will be absolutely *NO* way
for the bad guys to run the file and take control of your computers.

Since the file has NO use for ANY legitimate purpose, there will be no
adverse consequences if you run the Fixit.

ALL versions of Windows XP are vulnerable to this exploit, Alice.
Tell your family and friends to run the Fixit ... ASAP.

Then there will be nothing to be worried about in regards to this
vulnerability.

Clear now ?


MowGreen
===============
*-343-* FDNY
Never Forgotten
===============

Thank you.
Don't know if this means anything, or not, but read the following:

#1- "Open Internet Explorer 7. #2- Choose Tools from the menu. #3- From the
resulting drop-down menu, choose Manage Add-ons, followed by Enable or
Disable Add-ons....
#4- In the Manage Add-ons window, choose Downloaded ActiveX Controls from
the Show: drop-down box. The resulting list will show every ActiveX Control
that Internet Explorer 7 has installed. If an ActiveX Control is causing the
problem you're troubleshooting, it will be one listed here."

#1- I looked in that area and do not see any Microsoft Active X entries.
Does that mean anything.
#2- Do you have WinXPsp3 and did you run the FixIt?
#3- What if we don't have the file and we run the FixIt?


"MowGreen" wrote:

> AliceZ wrote:
>
> > I am really new to computers and in particular this problem. I am using WinXP
> > sp3 on my desktop with IE7 and two of my family are using the same on both of
> > their notebooks.
> > What should we do?
> > We looked at the "Fix It" page and it states that if you run the "Fix It"
> > work-around, it should fix your problem. What problem are they referring to?
> >
> > Does everyone (who is using WinXP sp3) have to run this "Fix It" work-around?
> >
> > I, and all my family, are completely confused and frightened that something
> > might be wrong with our computers.
> >
> > Can someone please help and use non-technical terms.
> > Thank you.
> > Alice
> >
>
> This is as simple as I can possibly make it, Alice.
>
> There's an Internet Explorer file that controls something. It is NEVER
> for any legitimate purpose.
> Some bad guys found out how to exploit a weakness in this file.
>
> If you run the Fixit on the MS page there will be absolutely *NO* way
> for the bad guys to run the file and take control of your computers.
>
> Since the file has NO use for ANY legitimate purpose, there will be no
> adverse consequences if you run the Fixit.
>
> ALL versions of Windows XP are vulnerable to this exploit, Alice.
> Tell your family and friends to run the Fixit ... ASAP.
>
> Then there will be nothing to be worried about in regards to this
> vulnerability.
>
> Clear now ?
>
>
> MowGreen
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
>

hank you MowGreen:

What does this mean (which was on he FixIt page):

"Check whether the problem is fixed. If the problem is fixed, you are
finished with this article. If the problem is not fixed, you can contact
support (http://support.microsoft.com/contactus) ."

What problem are they referring to? I never had a 'problem.' I just read
that everyone with WinXP (sp3) should download the FixIt file and execute it.


=========
"MowGreen" wrote:

> AliceZ wrote:
>
> > I am really new to computers and in particular this problem. I am using WinXP
> > sp3 on my desktop with IE7 and two of my family are using the same on both of
> > their notebooks.
> > What should we do?
> > We looked at the "Fix It" page and it states that if you run the "Fix It"
> > work-around, it should fix your problem. What problem are they referring to?
> >
> > Does everyone (who is using WinXP sp3) have to run this "Fix It" work-around?
> >
> > I, and all my family, are completely confused and frightened that something
> > might be wrong with our computers.
> >
> > Can someone please help and use non-technical terms.
> > Thank you.
> > Alice
> >
>
> This is as simple as I can possibly make it, Alice.
>
> There's an Internet Explorer file that controls something. It is NEVER
> for any legitimate purpose.
> Some bad guys found out how to exploit a weakness in this file.
>
> If you run the Fixit on the MS page there will be absolutely *NO* way
> for the bad guys to run the file and take control of your computers.
>
> Since the file has NO use for ANY legitimate purpose, there will be no
> adverse consequences if you run the Fixit.
>
> ALL versions of Windows XP are vulnerable to this exploit, Alice.
> Tell your family and friends to run the Fixit ... ASAP.
>
> Then there will be nothing to be worried about in regards to this
> vulnerability.
>
> Clear now ?
>
>
> MowGreen
> ===============
> *-343-* FDNY
> Never Forgotten
> ===============
>
>
>

"AliceZ" <AliceZ@discussions.microsoft.com> wrote in message
news:A96827A1-B0D0-4751-9BB8-52EF47793ED3@microsoft.com...
> hank you MowGreen:
>
> What does this mean (which was on he FixIt page):
>
> "Check whether the problem is fixed. If the problem is fixed, you are
> finished with this article. If the problem is not fixed, you can contact
> support (http://support.microsoft.com/contactus) ."
>
> What problem are they referring to? I never had a 'problem.' I just read
> that everyone with WinXP (sp3) should download the FixIt file and execute
> it.
>
Yes, your computer had a problem; you just didn't realize that it did.

The FixIt file added registry items which are supposed to prevent the
recently discovered security hole from existing anymore. A security hole is
a definite problem especially when no one realizes its existence.

That message is a canned page which MS adds to nearly all of its hot fixes.

By the way, you should download the removal tool because if and when MS
provides a security update for ths problem, you may need to remove the
hotfix first.

Jim
<snip>