Zero-day ActiveX Hole in Windows XP Under Attack

Crooks are going after a new security flaw involving the Microsoft Video ActiveX Control in Windows XP and Server 2003, Microsoft today announced.

Redmond's Security Advisory 972890 details the new threat, which could allow for a drive-by-download infection if you simply view a poisoned Web page using Internet Explorer - no click required. Windows Vista and 2008 are not affected, but Microsoft still recommends that users of those operating sytems apply the workaround (see below) as a precautionary measure. Also, while Microsoft's advisory doesn't specify which versions of IE are vulnerable, additional analysis from Symantec says that IE 6 and 7 are at risk, but the new IE 8 is not.

There are already active attacks against the new hole, according to both the advisory and another Symantec post, which states that "thousands of websites have been compromised and are now hosting the exploit for this issue." Microsoft says there are no known legit uses for the afflicted ActiveX control, and is providing a 'Fix it' workaround solution to disable it while the company works on a patch.

To apply the fix, visit Microsoft's Knowledge base article 972890 and click the "Enable workaround" Fix it link. Then run the downloaded .msi file to disable the ActiveX control. To reverse the change, download and run the .msi from the "Disable workaround" link.

Subscribe to the Security Watch Newsletter

Comments