This week, Microsoft announced that DirectShow ActiveX code in Internet Explorer 6 and 7 that was reserved for future use has finally been used - by malware providers. The DirectShow Video ActiveX control in the msvidctr.dll file can be used to take over your system if you visit an infected website. According to Symantec, thousands of websites (primarily in China and other parts of Asia) have been affected.
Who's vulnerable? According to Microsoft Knowledge Base article 972890, Windows Server 2003, Windows XP SP2, Windows XP SP3, and Windows XP 64-bit edition are at risk if they haven't upgraded to IE8. IE8 is not vulnerable because the DirectShow ActiveX control being exploited was disabled in IE8. But, if you're still running IE7 (or - horrors! - IE6), what now?
Although Microsoft doesn't have a software patch, it's offering the next best thing: visit KB article 972890 to download and run Microsoft Fix it control 50287 to work around the problem (the same site also offers Microsoft Fix it control 50288 to disable the workaround). The woraround and disable workaround controls are distributed in .msi installer files. Microsoft also recommends the workaround for Windows Vista and Windows Server 2008 users who are still running IE7.
If you want to learn more about what the workaround changes, you can visit the Microsoft Security Advisory (972890) page. This page lists the CLSID values that must be changed. This information can be incorporated into a .reg file, or can be distributed to multiple PCs in a domain using Group Policy. For additional information, see Security Focus article 35558.