• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / Security and Privacy / Prevent the Microsoft ActiveX Exploit in Internet Explorer

Prevent the Microsoft ActiveX Exploit in Internet Explorer

2009-07-07 by Jason

Microsoft yesterday announced a dangerous exploit for users with Windows XP or Windows Server 2003 operating systems and use Internet Explorer. You can read more about the exploit with this article from The Register. If you are using Windows Vista or Windows Server 2008, you are not susceptible to this bug.

This is an odd announcement for Microsoft to make; usually, they will only announce that such bugs exist when they are releasing a fix to the problem. This prevents more malicious people from knowing about the exploits before there is a patch available. It seems in this instance and the reason for the rush announcement is that enough malicious people are actively exploiting the problem that Microsoft needed to announce the problem to make the general public aware of it as well. In this article, you can learn a number of different steps you can take to prevent the exploit from impacting you.

MicrosoftFixIt

A quick and easy fix is to use a different web browser:

  • Mozilla Firefox
  • Google Chrome
  • Opera

Information

If you are like the many that are required to use Internet Explorer for specific applications, there still remains a fix that you can implement to safe-guard yourself. First of all, knowledge is power. You can learn about the specifics of the exploit by reading the Microsoft Security Advisory (972890) on the issue.

Automatic Workaround

If you’d like to have Microsoft automatically fix the problem for you, you can visit the related Knowledge Base article on the exploit and click the Enable Workaround. It downloads an MSI and requires administrator rights to run. Despite being an MSI, it seems the workaround cannot be deployed via a group policy. If you wish to undo the changes that the workaround made, you can download and run the file under the Disable Workaround section.

Manual Workaround

If you’d like to make the fix manually, you can follow the instructions in the Security Advisory under the Suggested Actions and Workarounds sub-section. This step involves writing a number of registry keys (45) with a .REG script.

You can deploy the .REG file as part of a script using this command in the Startup script:

regedit.exe /s ServerNameActiveXFixactivexfix.reg

You can also unregister the buggy dll that is responsible.

regsvr32 -u msvidctl.dll

Deployment Methods

You can deploy this fix as the registry key using a startup script above or you can make it a little more elegant by using a custom ADM template to write the registry keys. This also has the advantage that users will not have to restart or log off. It will apply at the next Group Policy refresh.

ADM files, however, aren’t much fun to make. Fortunately, a few have already been made and I liked this one that you can download from Bink.nu. If you don’t trust it, open it in a text editor and see all that it does.

Next, create a new GPO and add the custom template by right-clicking on Administrative Templates and choosing Add/Remove Templates… Add the custom template from wherever you downloaded it. In order to enable the setting, you’ll need to select Administrative Templates again and then go to View, Filtering… Uncheck the box that says ‘Only show policy settings that can be fully managed’ and hit Ok.

filtering

Under Administrative Templates, you should see a KB972890 Workaround folder. If you select that, you’ll be able to configure the new policy that allows you to Block Microsoft Video ActiveX Control in IE.

template

When the Microsoft patch is finally released, just change the state of this policy to Disabled.

Conclusion

It seems likely that Microsoft will deliver a critical update shortly and out of cycle (not on the second Tuesday of the month), but in the meantime you can protect your computer and your users by following the above steps.

Filed Under: Security and Privacy, Software

Trending

  • Clearing select Google Chrome history with a query
    In Software, Tech Solutions
  • Save Icon Position on your Desktop
    In Software, Tech Solutions
  • Out-of-band security patch for Windows today
    In Security and Privacy

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • Access to the resource [servershare] has been disallowed Access to the resource [servershare] has been disallowed
  • What is the AllJoyn Router Service on Windows 10? What is the AllJoyn Router Service on Windows 10?
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • How a DirecTV bill really works in 2015 How a DirecTV bill really works in 2015
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • How Virtual Reality Supports Mental Health Therapy How Virtual Reality Supports Mental Health Therapy
  • Key Strategies of Successful Coin Listing on Exchange Key Strategies of Successful Coin Listing on Exchange
  • Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • customer contactless payment for drink with mobile phon at cafe counter bar,seller coffee shop accept payment by mobile.new normal lifestyle concept The Latest Innovations In Payment Technology
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • How Virtual Reality Supports Mental Health Therapy
  • Key Strategies of Successful Coin Listing on Exchange
  • Keeping Your Mac Healthy: A Comprehensive Guide to Maintenance and Troubleshooting

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in