Microsoft is investigating reports of a vulnerability in a Windows ActiveX control that could allow an attacker to remotely take control of a computer. One security company rated the vulnerability critical, while Microsoft said it allowed only limited attacks.
The vulnerability, which is not patched yet, affects certain versions of Windows running Microsoft XML Core Services 4.0, a set of tools that allows programmers to use scripting languages to access XML documents. The affected versions are Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1.
The SANS Institute classified the flaw as a zero-day vulnerability, meaning the problem is public but not patched. The French Security Incident Response Team called it "critical". Microsoft issues patches for its software on the second Tuesday on the month. The speed at which a patch is issued depends on the risk of the vulnerability, and the company has issues patches out of cycle for widely-exploited vulnerabilities.
View: Full Article @ PC Advisor
16 Comments - Add comment