ThreatCon
The ThreatCon is currently at Level 2: Elevated.
The ThreatCon is at Level 2. On July 2, 2009, Symantec became aware of a previously unknown vulnerability affecting Microsoft Windows. This issue affects the 'msvidctl.dll' video streaming ActiveX control. Attackers can exploit the issue to execute arbitrary code by enticing a vulnerable user to visit a malicious site. This issue is being exploited in the wild.
On July 6, 2009, Microsoft published a security advisory discussing the issue:
Microsoft Security Advisory (972890)
Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/972890.mspx
Users are advised to:
- Use caution while accessing untrusted sites.
- Avoid following links that originate from unknown sources.
- Consider setting the kill bit on the associated CLSID.
- Deploy script-blocking mechanisms in the browser.
- Deploy memory-protection schemes such as nonexecutable stack/heap configurations and randomly mapped memory segments.
For more information, see the following vulnerability alert:
Microsoft Windows 'BDATuner.MPEG2TuneRequest.1' Object Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/35558
Symantec ThreatCon Rating
The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System.
ThreatCon Level 2
Medium: Increased alertness
This condition applies when knowledge or the expectation of attack activity is present without specific events occurring, or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available, and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.
Symantec DeepSight Threat Management System tracks security events on a global basis, providing early warning of active attacks. With personalized notification triggers and expert analysis, the system enables enterprises to prioritize IT resources in order to better protect critical information assets against a potential attack. To track security threats, it continuously correlates IDS and firewall attack data from the security systems of over 20,000 partners in over 180 countries, plus virus statistics from the Symantec Digital Immune System and many other human intelligence resources. Experts at Symantec analyze the information to identify active attacks and deliver advanced warning with actionable analyses and countermeasures.