So how does this attack occur and why should you be concerned? For this attack to be successful, the user simply has to open an email or browse to a website that opens a Video ActiveX Control. A malicious payload of the attacker’s choice is then downloaded onto the user’s system. This could be anything from annoying adware to password stealing programs that could allow an attacker to steal your online banking or Paypal credentials.

Currently, there’s no official patch for this exploit but there is a workaround that was just released. The workaround disables this particular ActiveX control in Internet Explorer. This will not degrade the end users experience because there is no legitimate need for this particular ActiveX control in Internet Explorer to begin with. The next round of patches are due from Microsoft on July 14th, which may or may not include a patch for this very serious security risk.

In the mean time, Falcon Worx recommends that all of our customers and friends visit the Microsoft’s Security and Defense blog to download the work around for this exploit. Go to the bottom of the page and click the “Fix It” image. Download the .MSI file, and just click “Next”. Yes, it’s really that simple!

Once again, this is an example of how Falcon Worx uses a proactive approach rather than a reactive approach. Why wait UNTIL you have a problem? Take care of the problem BEFORE it can occur, protecting your company from downtime! If you need assistance implementing this workaround, contact us to setup an appointment!

DOWNLOAD:

Microsoft Security Research & Defense Blog