Microsoft usually issue any security updates on the second Tuesday of each month. Now, in quite a rare move, they have issued a warning outside of this regular slot about a computer security vulnerability affecting Internet Explorer.
Those at risk are users whose computers are running Windows XP or Windows Server 2003 operating software.
Microsoft is taking this risk very seriously which is why they have issued a security bulletin now.
Quite rightly so too, the vulnerability is serious make no mistake about that, it would allow a potential hacker to completely take over your computer, install new programmes, create accounts, delete data, you name it, and with full user rights.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” and “We are aware of attacks attempting to exploit the vulnerability.” Microsoft warned in a security bulletin.
The problem exists in a part of software used to play video and when the software interacts with Internet Explorer it basically opens up a hole where hackers can gain access right into your computer.
“When the ActiveX control is used in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run arbitrary code,” Microsoft said.
ActiveX enables Internet Explorer to use external components to load different types of files and have been a target before for attackers who want to remotely install Malware on computer systems.
Usually the code is embedded in a webpage which is then installed on the user’s computer when the user visits that webpage.
With regard to this latest threat, you don’t even need to do anything to get infected with the malicious software except visit a website that’s already been hacked to dish up the software that exploits the vulnerability.
Security experts have been monitoring the vulnerability for around a week now and have said that people are drawn to the hacked sites via a link in a spam email that they have clicked on.
“Microsoft is currently working to develop a security update for Windows to address this vulnerability.”
In the meantime Microsoft is urging all users and administrators to disable the part of the software that puts the PC at risk and have posted a support page on the Microsoft website which contains a script to disable the vulnerable component.
If you want to find out all the latest news on tech why not subscribe to our RSS feed?
Leave a Reply