ActiveX Vulnerability

by Michael on November 7th, 2006 in Industry and Security News, Security Alerts.

Todays security news: Microsoft has released a new Security Advisory based on a vulnerability in part of the Microsoft XML Core Services 4.0, which could allow for remote code execution. The vulnerability is caused by an error in XMLHTTP 4.0 ActiveX Control.

Malicious hackers have reportedly already begun to exploit the flaw, which has not yet been patched.

Attackers may use this function to host a website designed to exploit the vulnerability through Internet Explorer; an attacker wouldn't have a way to force you to visit these websites, but would "persuade" you to click a link in an e-mail, instant message, or banner ad, Microsoft says.

How do you know if you're affected? Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 and Windows Server 2003 Service Pack 1 are on the list of affected software.

Windows Server 2003 and Windows Server 2003 Service Pack 1, in their default configurations (with the Enhanced Security Configuration turned on), are not affected, the advisory says.

This is Microsofts second major zero-day vulnerability during the past week.

Microsoft says they will release a security update either as part of their monthly patch cycle (the second Tuesday of every month, for those of you not in the "Patch Tuesday" loop), or as an out-of-cycle update.

We'll keep you posted. In the meantime, make sure your system is updated and don't click on any suspicious links!

No votes yet

Facebook Comments Box


Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now