Just and FYI that we’ve released Microsoft Security Advisory 972890. This discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003. From the source:
“…our investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer. Therefore, we’re recommending that all customers go ahead and implement the workaround outlined in the Security Advisory: setting all killbits associated with this particular control. While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we are recommending that they also set these killbits as a defense-in-depth measure. Once that killbit is set, any attempt by malicious websites to exploit the vulnerability would not succeed.”
For more information see http://blogs.technet.com/msrc/archive/2009/07/06/microsoft-security-advisory-972890-released.aspx.
J.C. Hornbeck | Manageability Knowledge Engineer