Microsoft has issued a warning of hacker attacks that attempt to exploit a vulnerability in the video ActiveX Control when used by Internet Explorer in Windows XP and Windows Server 2003.
"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," Microsoft warned in a security advisory notice.
This means that if a user is logged on with administrative user rights, an attacker could install programs, create new accounts and view, change or delete data.
"Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights," the advisory said.
Microsoft is working on a patch, but is advising all Windows users to take immediate steps to protect their systems from attack.
These include removing support for the ActiveX Control within Internet Explorer and changing Windows system settings to prevent the control running in the browser.
Disabling the control will have no affect on browser performance because there are no by-design uses for this ActiveX Control in Internet Explorer, the advisory said.
Microsoft said it will release a security update to fix the vulnerability "when it has reached an appropriate level of quality" for broad distribution.