Security flaw hits Internet Explorer
Microsoft has warned that a dangerous unpatched zero-day bug is leaving Internet Explorer users open to attack.

Hackers are exploiting an unpatched vulnerability in Microsoft Video Active X Control to target Internet Explorer users.
The affected component is part of Microsoft DirectShow, and is installed by default with Windows XP. The company said it was already aware of attacks that were exploiting the vulnerability.
Security vendor Symantec said that thousands of websites had been compromised and were now hosting the exploit.
Attackers could exploit the flaw by leading a user to visit a malicious website. Hackers could then silently install code on the victim's computer.
If the hacker is successful, they could install a backdoor to the system, stealing credentials and confidential information.
Windows Server 2003 and Windows XP users with Internet Explorer 6 and 7 were at risk. Symantec said the exploit in the wild did not yet work on Internet Explorer 8, but claimed that it was possible to "trigger" the vulnerability through it.
It also said that preliminary testing showed Windows Vista users were not affected.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Microsoft security program manager Christopher Budd said on the MSRC blog: "We have an investigation into this issue under way as part of our Software Security Incident Response Process (SSIRP) and are working to develop a security update to address the issue."
Microsoft advised all Internet Explorer users to prevent Microsoft Video Active X Control from running, either by manually following the instructions in the workaround section here or automatically using this solution.
In case administrators wanted to block the malicious domains, Sans Internet Storm has a constantly updated list here.
Only last month Microsoft warned about a flaw in Microsoft DirectShow, which hackers exploited using manipulated QuickTime files.
-
The race is on for Higher Ed to adapt: Equity in hyflex learning
Hyflex courses can improve student wellbeing and engagement, but only with meeting technology that leaves no one behind
-
Gen Z workers are keen on AI in the workplace – but they’re still skeptical about the hype
News Younger workers could lead the shift to AI, but only think it can can manage some tasks
-
Vulnerability management complexity is leaving enterprises at serious risk
News Fragmented data and siloed processes mean remediation is taking too long
-
The threat prevention buyer's guide
Whitepaper Find the best advanced and file-based threat protection solution for you
-
Beat cyber criminals at their own game
Whitepaper A guide to winning the vulnerability race and protection your organization
-
Supply chain as kill chain
Whitepaper Security in the era Zero Trust
-
Same cyberthreat, different story
Whitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Microsoft under fire for “negligent” security practices in scathing critique by industry exec
News Microsoft took more than 90 days to issue a partial fix for a critical Azure vulnerability, researchers found
-
Apple patches zero day linked to spyware campaign
News Kaspersky researchers were the first to report a zero day used in a sophisticated attack chain
-
Three steps to transforming security operations
Whitepaper How to be more agile, effective, collaborative, and scalable