X
Business

IE users beware: Zero-day attacks hit Microsoft Video ActiveX Control

Malicious hackers are launching code execution exploits against new, unpatched vulnerability in the Microsoft Video ActiveX Control, the company warned in an advisory.The attacks are currently targeting users of Microsoft's Internet Explorer browser.
Written by Ryan Naraine, Contributor

Malicious hackers are launching code execution exploits against new, unpatched vulnerability in the Microsoft Video ActiveX Control, the company warned in an advisory.

The attacks are currently targeting users of Microsoft's Internet Explorer browser.  "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention," Microsoft said.

[ GALLERY: How to use Internet Explorer securely ]

The company said the buggy ActiveX Control can be safely removed without any compatibility issues:

Our investigation has shown that there are no by-design uses for this ActiveX Control in Internet Explorer which includes all of the Class Identifiers within the msvidctl.dll that hosts this ActiveX Control. For Windows XP and Windows Server 2003 customers, Microsoft is recommending removing support for this ActiveX Control within Internet Explorer.

...Though unaffected by this vulnerability, Microsoft is recommending that Windows Vista and Windows Server 2008 customers remove support for this ActiveX Control within Internet Explorer using the same Class Identifiers as a defense-in-depth measure.

Internet Explorer users should pay careful attention to the workarounds section of Microsoft's advisory and take all necessary precautions.

Microsoft has activated its security incident response process but a patch won't be ready for at least a few months.

Editorial standards