Betanews reports on an old ActiveX control that tunes in to MPEG2 transport streams on Windows machines. The control has outlived its usefulness, but its mere presence has become another avenue for attacks.
However, don’t expect an update or patch from Microsoft that will fix this vulnerability. According to the company, we users can fix it for ourselves! (So much for support, right?)
We do this by tweaking our machine’s Registry! Yes, Microsoft has just asked you to do brain surgery on your Windows machine. Don’t be scared. It’s Windows, so you’re already used to having bugs, security holes and vulnerabilities on it. Besides, Betanews has a guide on how to do this ‘brain surgery’ on your computer.
Windows XP users, pay close attention, because it seems that your version of Windows is the most vulnerable one. Vista and Windows 7 users can relax a little. However, you can never be too cautious with your Windows machine, right? Anyway, here’s how to fix it:
- Open Security Advisory 972890 and scroll down to General Information. Open the Suggested Actions tier, followed by Workarounds, and scroll down until you see the long list marked Class Identifier.
- Start the Windows Registry Editor (REGEDIT). (For Vista, you may need to click on Continue at the UAC prompt.)
- In the left pane, open the folder corresponding to the Registry tier \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility. The good news here is that all the CLSIDs in this segment of the Registry, and all the CLSIDs in Microsoft’s warning list, are in hexadecimal numerical order, so you won’t have to search each one from top to bottom.
- Scan the Registry to see if any of the CLSIDs correspond exactly to any of the 45 Registry items flagged by Microsoft. More than one may correspond. If none correspond, you are already safe from this exploit. Betanews was unable, for example, to find any of the 45 Registry entries on our Windows XP or Vista systems, and we don’t expect to see it in Windows 7.
- If you do find an offending CLSID, then do not delete it. That actually won’t change anything at all, believe it or not. Instead, choose its entry from the left pane.
- Check the right pane for a value named Compatibility Flags. If it does not yet exist, you’ll need to create it. Right-click on the empty space in the right pane, and from the popup menu, select New, Binary Value. A new listing will be created that moment, which you’ll need to rename. Type Compatibility Flags and Enter.
- Right-click on Compatibility Flags and from the popup menu, select Modify. In the Edit DWORD Value dialog box, under Value data, type 400, leave the Base setting on Hexadecimal, then click on OK. Repeat this process for all the remaining CLSIDs in Microsoft’s list.
What this does is set the kill bit for the control. It’s still registered (and it’s still taking up space on your hard drive, doing nothing), but now it’s at least turned off, so it can’t be leveraged in an attack.
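The check-and-set steps above can also be run as a PowerShell script. This is an added example, not code from Microsoft or Betanews. The CLSID in `$Clsids` is a placeholder to be replaced with the Class Identifier list from Security Advisory 972890, and the `-Apply` switch and the `Wow6432Node` path (32-bit Internet Explorer on 64-bit Windows) are assumptions of this example. It writes Compatibility Flags as a DWORD, matching the Edit DWORD Value dialog in the last step.

```powershell
# Added example: audit (default) or set (-Apply) the kill bit. Run elevated.
param([switch]$Apply)

# PLACEHOLDER only: replace with the Class Identifier list from
# Security Advisory 972890. This is not a CLSID from the advisory.
$Clsids = @('{00000000-0000-0000-0000-000000000000}')

$Name    = 'Compatibility Flags'
$KillBit = 0x400
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Assumption: 32-bit Internet Explorer view on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsid in $Clsids) {
        $key = "$root\$clsid"
        if (-not (Test-Path -LiteralPath $key)) {
            # The procedure above only changes entries that already exist
            [pscustomobject]@{ Key = $key; State = 'not present' }
            continue
        }
        $rk      = Get-Item -LiteralPath $key
        $raw     = $rk.GetValue($Name)          # $null when the value is absent
        $isDword = ($null -ne $raw) -and ($rk.GetValueKind($Name) -eq 'DWord')
        $killed  = $isDword -and (([int]$raw -band $KillBit) -ne 0)

        if ($Apply -and -not $killed) {
            # Keep any other flag bits; a missing or non-DWORD value is replaced
            $new = if ($isDword) { [int]$raw -bor $KillBit } else { $KillBit }
            New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord `
                -Value $new -Force | Out-Null
            $killed = $true
        }
        $state = if ($killed) { 'kill bit set' } else { 'kill bit NOT set' }
        [pscustomobject]@{ Key = $key; State = $state }
    }
}
```

Run without `-Apply`, the script only reports the state of each listed CLSID, so it can be used to verify a machine after the manual edit or the Fix it tool.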
Simple, was it not? For those who are too scared to perform this procedure on their machine, try this Fix it For Me page, which allows you to download a small app from Microsoft that will automate this registry tweak for you.