Active protection: zero-day vulnerability repair manual

Source: Internet
Author: User

According to foreign media reports, Microsoft yesterday issued an alert for a major ActiveX plug-in vulnerability that allows hackers to attack IE users on Windows platforms and carry out activities that endanger network security, such as planting Trojans and spreading viruses. ActiveX plug-ins ship with Windows systems; this one was originally used to control MPEG2 video transmission streams. Windows Media Player and Apple's QuickTime both have plug-ins similar to ActiveX. The attack targets Internet Explorer users on Windows XP and Server 2003 systems. Earlier today, Microsoft confirmed a report from the Internet Storm Center (ISC) and admitted that hackers had exploited the vulnerability to launch attacks against Chinese websites.

Figure 1 zero-day vulnerability attack

According to cybersecurity expert Grem keruli, some hackers have clearly used the vulnerability to launch attacks that make victims install and execute unsafe programs. On the morning of the 6th, Yan Chengyun, a Chinese security engineer from Microsoft, pointed out that after users accidentally open an attacked website, symptoms such as slow running and the browser closing may occur. If the link is embedded in an email, it is relatively safe: as long as the user does not click it, malicious code cannot attack through Microsoft's email client. At this morning's security consultation meeting, Microsoft admitted that as of now, Microsoft engineers have forgotten ActiveX. Microsoft's investigation report confirms that the msvidctl.dll module is responsible for the ActiveX plug-in control. Crud and other experts blame Microsoft for failing to release patches in a timely manner.

In fact, we don't need any patches. You can delete this control to enhance the security of your computer. For anyone who has used the registry, the procedure is very simple; at most it is a minor task. Microsoft security experts have listed all the suspicious registry information. In other words, you can use the following method to secure Windows without waiting for Microsoft to release a new update package. Address officially provided by Microsoft:

http://support.microsoft.com/kb/972890#LetMeFixItMyself

Figure 2 Registry Modification steps

Procedure:

1. Check the list of suspicious Class Identifiers provided in the Microsoft security report.

2. Start the Windows Registry Editor (Regedit). Vista users may need to confirm the User Account Control prompt to continue.

3. In the left pane, open the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility

4. The Class Identifiers in the registry are sorted in hexadecimal order, which saves searching for them one by one.

5. Look for the suspicious identifiers from the list and delete them when they are found. If you do not find any of the listed identifiers, your computer is safe.

6. Check for the Compatibility Flags value in the right pane. If it does not exist, create it: right-click the blank space and select "new binary value" from the pop-up menu. A new entry will be created. Rename it Compatibility Flags and press Enter to confirm.

7. Right-click Compatibility Flags and select the "modify" option from the pop-up menu. In the Edit DWORD Value dialog box, enter 400, set the base to hexadecimal, and click OK.

8. Repeat the preceding steps until all suspicious registry information is cleared.

After all the operations are completed, the vulnerable control has been disabled on the system, and your computer is protected from this attack.
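The Compatibility Flags check and setting from steps 3, 6 and 7 can also be scripted and audited, shown here as an added example that is not part of the original article or Microsoft's fix. It assumes PowerShell 3.0 or later in an elevated session. The Class Identifier in it is a placeholder to be replaced with the entries from Microsoft's list, and the Wow6432Node key (the 32-bit registry view on 64-bit Windows) is not mentioned in the article.

```powershell
# Added example: report, and with -Apply set, the Compatibility Flags value
# described in steps 3, 6 and 7 for each Class Identifier.
param(
    # Placeholder only: replace with the Class Identifiers from Microsoft's list (step 1).
    [string[]]$Clsid = @('{00000000-0000-0000-0000-000000000000}'),
    [switch]$Apply   # without -Apply the script only reports and changes nothing
)

$KillBit = 0x400   # the hexadecimal 400 entered in step 7
$Name    = 'Compatibility Flags'
$Roots   = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit view on 64-bit Windows; skipped when the key does not exist
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath $_ }

foreach ($root in $Roots) {
    foreach ($id in $Clsid) {
        $key   = Join-Path $root $id
        $flags = 0
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name $Name -ErrorAction SilentlyContinue
            # Only a DWORD counts; a value created with the wrong type is treated as unset.
            if ($prop -and $prop.$Name -is [int]) { $flags = $prop.$Name }
        }
        $blocked = ($flags -band $KillBit) -ne 0

        if (-not $blocked -and $Apply) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # Keep any flags already present and add 0x400; -Force also corrects a wrong value type.
            $flags = $flags -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord `
                -Value $flags -Force | Out-Null
            $blocked = $true
        }

        # One row per key, so the output can be filtered or exported for review.
        [pscustomobject]@{
            Key     = $key
            Flags   = '0x{0:X}' -f $flags
            Blocked = $blocked
        }
    }
}
```

Run it once without `-Apply` to see which identifiers still lack the flag, then again with `-Apply` and confirm every row reports `Blocked` as `True`.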
