Microsoft warns of hole in Windows Server, XP and Internet Explorer


Warwick Ashford

Microsoft has issued a warning of hacker attacks that attempt to exploit a vulnerability in the video ActiveX Control when used by Internet Explorer in Windows XP and Windows Server 2003.

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," Microsoft warned in a security advisory notice.

This means that if a user is logged on with administrative user rights, an attacker could install programs, create new accounts and view, change or delete data.

"Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," the advisory said.

Microsoft is working on a patch, but is advising all Windows users to take immediate steps to protect their systems from attack.

These include removing support for the ActiveX Control within Internet Explorer and changing Windows system settings to prevent the control running in the browser.

Guides on how to do this are contained in the workaround section of the security advisory and Microsoft's Knowledge Base article 240797.

Disabling the control will have no effect on browser performance because there are no by-design uses for this ActiveX Control in Internet Explorer, the advisory said.

Microsoft said it will release a security update to fix the vulnerability "when it has reached an appropriate level of quality" for broad distribution.
