Microsoft bug
An ActiveX flaw could allow hackers to remotely execute code

Microsoft warns of new ActiveX security threat

Unused control could be targeted for attack

Shaun Nichols in San Francisco

V3.co.uk, 07 Jul 2009

Microsoft is warning users to update their systems following the discovery of a new attack targeting an Internet Explorer ActiveX component.

The company said in a security advisory that it has received reports of attacks in the wild targeting a flaw in the Microsoft Video ActiveX control to remotely execute code on targeted systems.

Advertisement

ActiveX controls allow Internet Explorer to use external components to load various document and file types, and have been a prime target for attackers looking to remotely install malware on user systems.

The attack code is usually embedded within a web page to allow covert attack and installation.

According to Microsoft, the component itself does not have any legitimate use, and the flaw is believed to exist only in Windows XP and Windows Server 2003 systems. Windows Vista and Server 2008 are not believed to be vulnerable to the attack.

However, Microsoft is advising that users and administrators take action to disable the vulnerable component. The company has posted a support page which offers a script to deactivate the component.

Users can also manually disable the control by setting a killbit to disable the vulnerable component.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Do you agree?

Have your say on this article

Further reading

hacker

Nine ball attack was 'overstated'

ScanSafe claims threat is insignificant

Twitter

New malware threat targets Twitter users

Malicious email attachment masquerades as message notification

Government central database system under renewed attack

Tories and privacy experts argue that the Shared Services agenda has gone too far

Security experts uncover one-stop botnet marketplace

Site allows trading of malware, data and networks of infected PCs

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

V3.co.uk weekly debrief, 5 Feb 2010

This week we cover the continuing controversy surrounding the Orange T-Mobile deal

More video

Analysis and Reports

Using managed services to protect mobile data users from the latest security threats

Counting the cost of data security: the benefits of secured mobile services

Shifting Disaster Recovery targets with SharePoint and SQL server configurations

Using a hostbased recovery system for mission-critical systems

Poll

Adobe Flash poll

Adobe Flash poll

Do you agree with Steve Jobs about Flash being buggy?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Windows 7

Microsoft denies Windows 7 battery problems

Replacement warning functioning normally, claims software giant

Safer Internet Day

Safer Internet Day highlights online threats

Annual initiative warns of phishing, ID theft and social network...

AMD Fusion

AMD details Fusion innovations at ISSCC

Forthcoming chip with four CPU and one GPU cores will...

MSI Wind U135

Review: MSI Wind U135 netbook

A decent netbook incorporating the latest Intel technology in a...

Primary Navigation