Microsoft warns its users of Internet Explorer vulnerability in its Video ActiveX Control that affects computers running on Windows XP and Windows Server 2003. Microsoft says that they have been working on a security update to fix this. While that happens, Microsoft advises its users to prevent Microsoft Video ActiveX Control from running in Internet Explorer.
The Microsoft Video ActiveX Control connects DirectShow filters for video and is used in Windows Media Center. When the control runs in IE, it can corrupt the system so that a hacker can run arbitrary code.
What does it do?
This vulnerability can allow easy access to hackers to remotely control the victims’ machine. All one has to do is visit a website by clicking a link in spam e-mail, and that does it. This has been going on for a week now and over thousand sites have been hacked to serve up malicious software by the cyber criminals.
Work-around?
To implement the workaround that disables the Microsoft Video ActiveX Control automatically on a computer that is running Windows XP or Windows Server 2003, visit Microsoft’s “Fix it for me” option. This is recommended for users who have their computers running on Windows Vista and Windows Server 2008.
(Source: Microsoft TechNet)