Microsoft is warning users to update their systems following the discovery of a new attack targeting an Internet Explorer ActiveX component.
The company said in a security advisory that it has received reports of attacks in the wild targeting a flaw in the Microsoft Video ActiveX control to remotely execute code on targeted systems.
ActiveX controls allow Internet Explorer to use external components to load various document and file types, and have been a prime target for attackers looking to remotely install malware on user systems.
The attack code is usually embedded within a web page, allowing the attack and the malware installation to take place covertly.
According to Microsoft, the component itself does not have any legitimate use, and the flaw is believed to exist only in Windows XP and Windows Server 2003 systems. Windows Vista and Server 2008 are not believed to be vulnerable to the attack.
However, Microsoft is advising that users and administrators take action to disable the vulnerable component. The company has posted a support page which offers a script to deactivate the component.
Users can also disable the control manually by setting a killbit for the vulnerable component.
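The manual killbit step, as an added example that is not taken from Microsoft's support page: a killbit is the `0x400` bit in the `Compatibility Flags` value under Internet Explorer's `ActiveX Compatibility` registry key for the control's CLSID. The function name and the CLSID shown are placeholders (the article does not give the control's CLSID; take it from the advisory), and the script must run from an elevated prompt.

```powershell
# Added example: set and verify the kill bit for one ActiveX control.
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from instantiating the control

function Set-ActiveXKillBit {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Clsid)

    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a CLSID in {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} form: $Clsid"
    }

    # Native registry view, plus the 32-bit view that exists on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $key = Join-Path $root $Clsid
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

        # Keep any compatibility flags already present and OR in the kill bit.
        $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -eq $current) { $current = 0 }
        New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null

        # Read the value back so the result reflects what is actually stored.
        $stored = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        [pscustomobject]@{
            Key        = $key
            Flags      = ('0x{0:X8}' -f $stored)
            KillBitSet = (($stored -band $KillBit) -eq $KillBit)
        }
    }
}

# Placeholder CLSID: replace with the value(s) listed in the advisory.
Set-ActiveXKillBit -Clsid '{00000000-0000-0000-0000-000000000000}'
```

Internet Explorer must be restarted before the change takes effect.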


