Microsoft ActiveX bug is ‘extremely critical’

Microsoft has confirmed it is investigating a security bug described by independent security experts as “extremely critical” in XML Core Services on Windows.

Microsoft has confirmed it is investigating a security bug described by independent security experts as “extremely critical” in XML Core Services on Windows.

The company said it was aware of “limited attacks” that were attempting to exploit the vulnerability.

Security firm Secunia warned that the hackers could exploit the “extremely critical” flaw in the XMLHTTP 4.0 ActiveX Control of XML Core Services to compromise a user’s system and execute arbitrary code.

Microsoft said exploitation of the flaw relied on attackers luring users to malicious websites. Users running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration switched on, would not be affected.

The software giant said it would “take appropriate action” following its investigation. A security update would be issued either through Microsoft’s monthly patching cycle, or through an out-of-cycle update.

Comment on this article: computer.weekly@rbi.co.uk

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close