Zero-day attacks target Microsoft Visual Studio

Attackers are actively exploiting a new zero-day flaw in Microsoft Visual Studio 2005, and the software giant has released a set of workarounds IT administrators can use to blunt the threat.

In the advisory posted on the company's TechNet Web site, Microsoft said it's investigating reports of a vulnerability in an ActiveX control that's part of Visual Studio 2005 on Windows. Attackers could exploit the flaw to run malicious code on targeted machines.

Zero-day attacks: AV upstarts tout need for speed in zero-day fight Microsoft Excel zero-day flaw discovered Zero-day flaws target 'safe' programs New Microsoft Word zero-day exploit discovered

"We are aware of proof-of-concept code published publicly and of the possibility of limited attacks that are attempting to use the reported vulnerability," Microsoft said. "Customers would need to visit an attacker's Web site to be at risk."

When the investigation is completed, Microsoft said it will take the appropriate action to help protect customers. "A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs," the company said.

In its advisory on the threat, Danish vulnerability clearinghouse Secunia said the problem is an unspecified error in the WMI Object Broker ActiveX Control (WmiScriptUtils.dll).

Podcast: What is a zero-day exploit?

"Successful exploitation allows execution of arbitrary code when a user visits a malicious Web site using Internet Explorer," Secunia said. "The vulnerability is already being actively exploited."

The firm rated the flaw "extremely critical," its highest threat level. The rating is designated for remotely exploitable vulnerabilities that can lead to a full system compromise.

To blunt the threat, Microsoft recommends IT administrators take the following actions:

• Prevent the WMI scripting control from running in Internet Explorer.
• Configure Internet Explorer to prompt before running active scripting or disable Active scripting in the Internet and Local intranet security zone.
• Set Internet and Local intranet security zone settings to "high" to prompt before running ActiveX controls and active scripting in these zones.