Current Activity - Microsoft WMI Administrative Tool ActiveX Control Vulnerability

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Microsoft WMI Administrative Tool ActiveX Control Vulnerability

Original release date: December 22, 2010 at 11:36 am
Last revised: December 22, 2010 at 11:36 am


US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx
ActiveX control. This control is part of the Microsoft WMI
Administrative Tools package. Exploitation of this vulnerability may
allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to set the kill bit for
CLSID 2745E5F5-D234-11D0-847A00C04FD7BB08 to help mitigate the risks
until a fix is available from the vendor. Information on how to set a
kill bit can be found in Microsoft knowledgebase article KB240797.
Users and administrators are also encouraged to implement best
security practices defined in the Securing Your Web Browser document
to reduce the risk of this and similar vulnerabilities. Additional
information regarding this vulnerability can be found in US-CERT
Vulnerability Note VU#725596.

Relevant Url(s):
<http://www.us-cert.gov/reading_room/securing_browser/>

<http://support.microsoft.com/kb/240797>

<http://www.kb.cert.org/vuls/id/725596>

====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_wmi_administrative_tool_activex

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTRIsgT6pPKYJORa3AQIKdwf/fVSNHrsfKwCGOW0xF7KxKmJ2V19ogUum
2OxfziJupQ2hulZzkS+H6pkhKWuVxUNf87wzyZWusn0zRQqE04uFnF7V6UvxST/x
vTxgCcCDJcG9n6CRSh/R4aZBD2YL5N6I3z1j7ifxExW4I7xMWvPpbjpmvXrY2hYD
CcmS5pluAKs/X6KhafULSRCG3vwb+ChaXA2wYrzGgjhrP8pwd350iKvn56CjiXAR
oKlzJQxMNvBLY+4k6rYqkkAknDLg0cfwhnTjlNJeJzFVFFRfFmA7q4hBGcNib78L
sWkxTYIDM/lwYZHRQewL0h28rXo06ynKsktAPJtUKyVSFXATxS0LHA==
=XLKN
-----END PGP SIGNATURE-----