Tuesday, July 07, 2009

Microsoft warning: Security hole in Video ActiveX control


Microsoft has warned of a flawed software in Internet Explorer that hackers can exploit to take over some computers. The vulnerability affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating systems.If a victim visits an infected website, hackers can remotely take control of their machine.

Microsoft said it was working with partners to patch the weakness in ActiveX Video Control involved in capturing, recording or playing video and is also a main component of Windows Media Center.Microsoft advised users to deactivate ActiveX Video Control until a fix is available.

However, the good news might be that the buggy ActiveX Control doesn't affect any major functionality in IE.At worst, the ActiveX Control bug, which affects several versions of Windows, including Windows XP and Windows Server 2003, allows attackers to infiltrate a user's system to download malicious code, typically information-stealing Trojans.Attackers taking advantage of the vulnerability could install programs; view, change or delete data; or create new accounts with full user rights.

Microsoft said in its advisory that it was working on a fix for the bug, which will either be released in its monthly Patch. Internet Explorer versions 6 and 7 are at risk, but people running IE 8 are not vulnerable.