Good Morning,
CCIP did not initially post this alert to the NZNOG list yesterday as it
was felt that members might not deem this type of posting appropriate
for the NZNOG list. However, there have been a number of requests from
NZNOG members who had received it from CCIP's mailing lists yesterday
for this to be posted here.
CCIP would be interested in feedback about the applicability of CCIP's
Alerts on the NZNOG list. Currently CCIP's threshold for issuing these
types of alerts is when there is active exploitation of a new or
unpatched vulnerability in the wild.
Regards,
Paul.
--
Paul McKitrick
Head of Stakeholder Engagement
Centre for Critical Infrastructure Protection
D: (+64) 4 498 7645
P: (+64) 4 498 7654
F: (+64) 4 498 7655
E: paul.mckitrick(a)ccip.govt.nz
W: www.ccip.govt.nz
---
This e-mail contains official New Zealand Government information, which
is intended for the use of addressees only. If you have received this
e-mail in error, please notify the sender immediately and delete. You
should not further disseminate, distribute or copy this e-mail in any way.
---
-------- Original Message --------
Subject: CCIP ALERT: Microsoft unpatched vulnerability is being actively
exploited in the wild
Date: Tue, 07 Jul 2009 13:38:28 +1200
From: CCIP Info
To: CCIP
CC: incidents(a)ccip.govt.nz
Good Afternoon,
For those of you who are not already aware, CCIP would like to bring
to your attention the Microsoft Security Advisory 972890 that was
released today:
http://www.microsoft.com/technet/security/advisory/972890.mspx
Microsoft have announced a vulnerability in Microsoft Video ActiveX
Control that allows remote code execution. This is reported to affect
versions of Windows XP and Windows Server 2003.
CCIP is bringing this to your attention as this vulnerability has been
reported as being actively exploited in the wild.
MITIGATION
Administrators are advised to take the following mitigation steps
immediately.
There is currently no patch to correct this issue. However you can set
the kill-bit to mitigate this vulnerability.
Microsoft have provided a way to automatically implement the workaround
by following the instructions under "Fix It For Me" in the following
Knowledge Base article: http://support.microsoft.com/kb/972890
Alternatively the following quoted text can be included in a .REG file
and imported into your registry.
---BEGIN QUOTE---
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400
---END QUOTE---
Please note that in addition to the class identifier listed in the
above example there is a full list of class identifiers in the
Suggested Actions-->Workarounds section of the Microsoft Advisory:
http://www.microsoft.com/technet/security/advisory/972890.mspx
It is recommended that all of them are implemented.
There is also a writeup on Microsoft's Security Response Centre Blog:
http://blogs.technet.com/msrc/archive/2009/07/06/microsoft-security-advisory...
Regards,
The CCIP Team
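Added example, not part of the original alert or of Microsoft's advisory: a Python audit that parses a `reg export` of the ActiveX Compatibility key and reports whether the kill-bit (0x400) is set for each class identifier. It assumes the list holds only the one CLSID quoted in the alert, and it also checks the Wow6432Node view that 32-bit Internet Explorer uses on 64-bit Windows, a path the alert does not mention; the sample export is constructed.

```python
import re

KILL_BIT = 0x400  # "Compatibility Flags" bit that stops IE instantiating the control
BASES = (  # native view, then the view 32-bit IE reads on 64-bit Windows (assumption: not in the alert)
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility",
)
# Only the CLSID quoted in the alert; extend with the full list from the advisory.
CLSIDS = ["{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}"]

def parse_reg(text):
    """Return {KEY PATH (upper-cased): {value name (lower-cased): int}} for dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text, clsids=CLSIDS):
    """Map (base, clsid) -> 'set' | 'not set' | 'missing' for each view present in the export."""
    keys = parse_reg(text)
    result = {}
    for base in BASES:
        if not any(k.startswith(base.upper()) for k in keys):
            continue  # this registry view is absent from the export (e.g. a 32-bit host)
        for clsid in clsids:
            values = keys.get((base + "\\" + clsid).upper())
            if values is None:
                result[(base, clsid)] = "missing"
            else:
                flags = values.get("compatibility flags", 0)
                # Bit test, not equality: other compatibility flags may also be set.
                result[(base, clsid)] = "set" if flags & KILL_BIT else "not set"
    return result

# Constructed sample export: native view patched, Wow6432Node view overlooked.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility]
"""

if __name__ == "__main__":
    for (base, clsid), state in audit(SAMPLE).items():
        print(state, base, clsid)
```

Files written by `reg export` or Regedit in the "Version 5.00" format are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`.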