Microsoft warns of hole in Windows Server, XP and Internet Explorer

Microsoft has issued a warning of hacker attacks that attempt to exploit a vulnerability in the video ActiveX...

Microsoft has issued a warning of hacker attacks that attempt to exploit a vulnerability in the video ActiveX Control when used by Internet Explorer in Windows XP and Windows Server 2003.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," Microsoft warned in a security advisory notice.

This means that if a user is logged on with administrative user rights, an attacker could install programs, create new accounts and view, change or delete data.

"Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," the advisory said.

Microsoft is working on a patch, but is advising all Windows users to take immediate steps to protect their systems from attack.

These include removing support for the ActiveX Control within Internet Explorer and changing Windows system settings to prevent the control running in the browser.

Guides on how to do this are contained in the workaround section of the security advisory and Microsoft's Knowledge Base article 240797.

Disabling the control will have no affect on browser performance because there are no by-design uses for this ActiveX Control in Internet Explorer, the advisory said.

Microsoft said it will release a security update to fix the vulnerability "when it has reached an appropriate level of quality" for broad distribution.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.