/ 7 July 2009

Microsoft sounds computer security alarm

Microsoft on Monday warned of a flawed software in Internet Explorer that hackers can exploit to take over some computers.

The vulnerability was found in a program used in the popular web browser to play video on computers running with Windows XP or Windows Server 2003 operating systems, Microsoft said in a warning posted online.

“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” the software giant warned in a security bulletin. “We are aware of attacks attempting to exploit the vulnerability.”

Microsoft said it was working with partners to patch the weakness in ActiveX Video Control involved in capturing, recording or playing video and is also a main component of Windows Media Centre.

Microsoft advised users to deactivate ActiveX Video Control until a fix is available.

“When the ActiveX control is used in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run arbitrary code,” the Redmond, Washington-based company said.

“Microsoft is currently working to develop a security update for Windows to address this vulnerability.”

Hackers can take advantage of the vulnerability when internet users visit websites that have been booby trapped with malicious code. Unsuspecting computer users may get emails enticing them to visit hazardous websites.

Attackers taking advantage of the vulnerability could install programs; view, change or delete data; or create new accounts with full user rights, according to Microsoft. – AFP