Attackers are actively exploiting a new zero-day flaw in
Microsoft Visual Studio 2005, and the software giant has released a
set of workarounds IT administrators can use
to blunt the threat.
In the advisory posted on the company's TechNet Web site,
Microsoft said it's investigating reports of a vulnerability in an
ActiveX control that's part of Visual Studio 2005 on Windows.
Attackers could exploit the flaw to run malicious code on targeted
machines.
"We are aware of proof-of-concept code published publicly and of
the possibility of limited attacks that are attempting to use the
reported vulnerability," Microsoft said. "Customers would need to
visit an attacker's Web site to be at risk."
When the investigation is completed, Microsoft said it will take
the appropriate action to help protect customers. "A security
update will be released through our monthly release process or an
out-of-cycle security update will be provided, depending on
customer needs," the company said.
In its advisory on the threat, Danish vulnerability
clearinghouse Secunia said the problem is an unspecified error in
the WMI Object Broker ActiveX Control (WmiScriptUtils.dll).
"Successful exploitation allows execution of arbitrary code when
a user visits a malicious Web site using Internet Explorer,"
Secunia said. "The vulnerability is already being actively
exploited."
The firm rated the flaw "extremely critical," its highest threat
level. The rating is designated for remotely exploitable
vulnerabilities that can lead to a full system compromise.
To blunt the threat, Microsoft recommends IT administrators take
the following actions:
- Prevent the WMI scripting control from running in Internet
Explorer.
- Configure Internet Explorer to prompt before running active
scripting or disable Active scripting in the Internet and Local
intranet security zone.
- Set Internet and Local intranet security zone settings to
"high" to prompt before running ActiveX controls and active
scripting in these zones.