Microsoft KB 972890 Video ActiveX Problem Issue Trouble


Introduction

Security issues don’t come any worse than what I’m about to describe, especially if it happens before anyone else knows about the problem (*cough* zero day *cough*). Technically speaking, if there’s a hole in the proverbial wall then someone’s going to find a way to squeeze right through it… and the results can be outright devastating. Botnet code injection, keylogger traps – you name it, they’re going to push it right into your system and foul up the works: taking your banking logins, spamming the interwebs, overloading legitimate websites… These idiots will do anything and everything to push their foul agendas down the line and ruin your day – and make things even worse for everyone else.

So What’s the Big Deal, Anyway?

Exploit Trace and Packet Capture (Source: McAfee)

The issue at hand in this discussion, as outlined in Microsoft Knowledge Base entry number 972890, is just such an example of the classic, proverbial hole-in-the-wall sneak attack – a prime target for a rather large security breach, if you will, that is just waiting to happen at a moment’s notice… and entirely with no advance warning. The exact problem involves a video playback component (designed around the old ActiveX specification) that ties into the Internet Explorer web browser. However, since the ActiveX component wasn’t originally designed for this integration, it bears mention that such a tie-in requires the use of a rather malicious website script – which, as specified above, means that we also have a prime method for a complete system break-in on our hands in this scenario – and that can mean big trouble. The execution trace and packet capture related to the exploit are shown to the left; full details on this are available in a McAfee blog post.

Who or What is Affected by This?

Thankfully, most consumer users of Windows 7 are in the clear on this problem. Unfortunately, if you use one of the business-targeted Windows 7 releases and/or Windows 7 Ultimate – and you also use the Windows Virtual PC app to run a virtualized Windows XP session – then I’m sorry to say that you’re on the proverbial docket in this particular case. Same goes for those of you who are still using straight-up Windows XP installations (and yes, I know who you are). And for the record, I also have to call out Windows Server 2003 – sorry to say it again, but you guys are in the rut on this as well… and unfortunately, that’s how it goes here.

What Can I Do to Fix the Problem?

Enabling the workaround from the group policy editor

Fortunately, this is a very easy fix – but you may need to check with your administrative professional in a multiuser environment to see if this has been taken care of already. That’s because a simple execution of the Windows Update tool will download a utility to set what is known as a kill bit, which prevents this targeted video player from being usable in any situation (certainly not a problem in a business setting where employee productivity is absolutely mandatory, no?).

More specifically, you’re going to want to see if the Cumulative Security Update of ActiveX Kill Bits (specifically, number 973346 or later) has been executed on your system. You can likewise enable a workaround solution through group policy settings after the update has been installed as shown to the right. Obviously, if you manage your own computer system (such as for personal use, or a home-operated business) then Windows Update should have already executed this tool (lest you had to reinstall Windows and other software in order to fix a hopelessly disabled system). Otherwise, the administrative professionals – if they’re required to apply the updates themselves – well, let’s say that you’ll have to turn everything over to them for execution of the utility tools (and theoretically, if you only have limited access to the computer system then you shouldn’t be affected on a personal basis anyway).
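To confirm that the kill bits really landed on a machine, the following added example (not part of the original article, and not Microsoft's utility) audits a `reg export` dump of the `ActiveX Compatibility` key for the kill bit, which is the 0x00000400 bit of each control's `Compatibility Flags` value. The CLSIDs in it are constructed placeholders; substitute the class identifiers listed in KB 972890.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading the control
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})\]$", re.IGNORECASE)
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.IGNORECASE)

def parse_compat_flags(reg_text):
    """Map each CLSID key in a `reg export` dump to its flags (None if no value)."""
    flags, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).upper()
            flags.setdefault(current, None)
        elif line.startswith("["):
            current = None  # a different key: ignore its values
        elif current and (value := FLAGS_RE.match(line)):
            flags[current] = int(value.group(1), 16)
    return flags

def audit_kill_bits(reg_text, required_clsids):
    """Return {CLSID: 'set' | 'flag-clear' | 'missing'} for every required CLSID."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for clsid in map(str.upper, required_clsids):
        if clsid not in flags:
            report[clsid] = "missing"      # key absent: control is not blocked
        elif (flags[clsid] or 0) & KILL_BIT:
            report[clsid] = "set"          # other flag bits may be set alongside
        else:
            report[clsid] = "flag-clear"   # key exists but kill bit is not set
    return report

# Constructed sample export. The CLSIDs are placeholders, NOT the ones in KB 972890.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000b}]
"Compatibility Flags"=dword:00800000
"""
REQUIRED = ["{00000000-0000-0000-0000-00000000000A}",
            "{00000000-0000-0000-0000-00000000000B}",
            "{00000000-0000-0000-0000-00000000000C}"]

if __name__ == "__main__":
    print(audit_kill_bits(SAMPLE_EXPORT, REQUIRED))
```

`reg export` writes its output as UTF-16, so read the file with `encoding="utf-16"` before passing the text to `audit_kill_bits`. Any CLSID reported as `missing` or `flag-clear` can still be instantiated by Internet Explorer on that machine.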