NEWS FROM THE LAB - Monday, July 6, 2009

F-Secure ISTP and the 0-day Vulnerability in MSVIDCTL.DLL

Posted by Response @ 23:54 GMT

As mentioned in the previous post, there's a new 0-day vulnerability in Microsoft's ActiveX Video Controls, more specifically in the file msvidctl.dll. Microsoft has now published an advisory about the vulnerability, and in the advisory they recommend that you set the killbit to disable the vulnerable CLSIDs, all 45 of them.

As this vulnerability is actively being used in drive-by downloads, it's a good idea to do this.
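One way to check that the killbit is actually set for every CLSID in the advisory is to audit a `reg export` of the ActiveX Compatibility key. This is an added example, not code from F-Secure or Microsoft: the CLSIDs and the sample export are constructed placeholders, and the function names are hypothetical. The registry path and the 0x400 flag are the documented killbit mechanism.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that makes IE refuse the control
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Placeholder CLSIDs (constructed): substitute the 45 listed in Microsoft's advisory.
ADVISORY_CLSIDS = ["{00000000-0000-0000-0000-%012d}" % n for n in (1, 2, 3)]

# Constructed sample, in the text format that `reg export` writes.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00800000
'''

def parse_flags(export_text):
    """Return {CLSID (upper case): Compatibility Flags value} for keys under BASE."""
    flags, current = {}, None
    for line in map(str.strip, export_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            parent, _, leaf = line[1:-1].rpartition("\\")
            current = leaf.upper() if parent.upper() == BASE.upper() else None
        elif current:
            m = re.fullmatch(r'"Compatibility Flags"=dword:([0-9a-fA-F]{8})', line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags

def audit(export_text, clsids):
    """Return {clsid: (status, flags value to write so the kill bit is set)}."""
    flags = parse_flags(export_text)
    report = {}
    for clsid in clsids:
        value = flags.get(clsid.upper())
        status = "missing" if value is None else "killed" if value & KILL_BIT else "not set"
        report[clsid] = (status, (value or 0) | KILL_BIT)  # keep other flag bits
    return report

def reg_fix(report):
    """Build .reg text that sets the kill bit wherever it is not already set."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for clsid, (status, value) in report.items():
        if status != "killed":
            out += [f"[{BASE}\\{clsid}]", f'"Compatibility Flags"=dword:{value:08x}', ""]
    return "\n".join(out)
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `audit`.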

Or, you could download our free Internet Security Technology Preview or our standalone ExploitShield beta, which also protects against this — proactively, without the need for updates.

We tried our Internet Security Technology Preview (on which our upcoming 2010 product will be based) and its Browsing Protection against this new exploit and it worked like a charm. It blocked the exploit attempt without the need for any signatures/shields. The generic exploit protection is pretty awesome, as is ExploitShield itself.

Here's a video of how ISTP does against the new vulnerability and what happens if you disable parts of the protection technologies.

[Video: ISTP in action]