ActiveX Vulnerability Prompts Microsoft To Issue Security Warning

Microsoft Corp. is alerting its users to update their systems following reports of attacks exploiting a critical vulnerability in its Internet Explorer’s video ActiveX component emerged.

In a security advisory, the software giant asserted that the vulnerability could allow hackers to seize control over victims’ computer, without notifying them about it, thereby inflicting all sorts of troubles for them.

Microsoft is suggesting that the users of Windows Server 2003 as well as Windows XP should disable the vulnerable video ActiveX component by using a workaround given on its website.

Although the company claimed that the vulnerability wouldn’t affect the uses of Windows 2008 and Windows Vista, but it is still recommending users to disable the ActiveX component “as a defence-in-depth measure”.

The workaround published on the company’s website could either be applied manually by carrying out registry edit, or automatically through a pre-prepared fix. The company further asserted that disabling ActiveX control in Internet Explorer wouldn’t affect the compatibility of the application.

Christopher Budd, the security program manager for Microsoft, wrote on MSRC blog; “We have an investigation into this issue under way as part of our Software Security Incident Response Process (SSIRP) and are working to develop a security update to address the issue.”

and join more than 1600 other followers.

Our Comments

Internet Explorer is the world's most popular web browser and it is therefore not surprising that it attracts so much attention from hackers. Ironically, because ActiveX has long been targeted as one of the most potential dangerous flaws in Microsoft's ecosystem, it has been not been as deadly as other Microsoft vulnerabilities.

Related Links

Microsoft warns of new ActiveX security threat


MS reveals second DirectShow vuln


Security flaw hits Internet Explorer

(IT Pro)

Microsoft warns of live Internet Explorer exploit

(PC Pro)

Microsoft warns of a security hole

(The Inquirer)

Hackers attack DirectX bug in Internet Explorer

(PC Advisor)