Microsoft Warns Computer Users about a New Flaw in Video ActiveX
According to a warning released by security researchers, cyber criminals are trying to plant an information stealing Trojan on computers exposed to attacks owing to vulnerability in the Video ActiveX Control of Microsoft, as reported by cbronline on July 6, 2009.
Security experts in China discovered the vulnerability on July 5, 2009. Soon many other security software companies confirmed the finding saying that the vulnerability could be used to execute remote code on affected systems.
Yuval Ben-Itzhak, Chief Technical Officer at Finjan, said - the flaw is zero-day vulnerability until it is resolved or a security update is released. This implies that it could allow a hacker to acquire full control of an affected computer if its user is made to visit a hijacked site, as reported by cbronline on July 6, 2009.
Meanwhile, Microsoft says that unwary computer users might receive e-mails luring them into accessing dangerous websites. Further, attackers exploiting the flaw could load malicious programs; read, modify or erase data; or set up new accounts having all of the user privileges.
Additionally, Ben-Itzhak said, some popular gaming and European music download websites have been compromised along with other sites, implying that malware has already been inserted into them.
He also said that although the number of compromised sites was presently low, an increase was expected during the forthcoming weeks.
Roger Thompson, Chief Research Officer at AVG Technologies, said - for attackers who are responsible for the Conficker virus and its probable infection of huge 12 Million computers globally, the Microsoft vulnerability could be the next target, as reported by mxlogic on July 9, 2009.
Meanwhile, Microsoft has alerted that the flaw specially affects PCs operating with Windows Server 2003 or Windows XP OS.
The Redmond, Washington-based organization, further said that if the ActiveX Control is exploited within Internet Explorer, it might corrupt the machine such that a hacker could execute any arbitrary code, as reported by AFP on July 6, 2009.
According to Microsoft, the company is presently developing a fix for the new Windows vulnerability. Till then, users may deactivate the Microsoft Video ActiveX Control in IE, either automatically or manually.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 24-07-2009