Hackers are exploiting an unpatched vulnerability in Microsoft Video Active X Control to target Internet Explorer users.
The affected component is part of Microsoft DirectShow, and is installed by default with Windows XP. The company said it was already aware of attacks that were exploiting the vulnerability.
Security vendor Symantec said that thousands of websites had been compromised and were now hosting the exploit.
Attackers could exploit the flaw by leading a user to visit a malicious website. Hackers could then silently install code on the victim's computer.
If the hacker is successful, they could install a backdoor to the system, stealing credentials and confidential information.
Windows Server 2003 and Windows XP users with Internet Explorer 6 and 7 were at risk. Symantec said the exploit in the wild did not yet work on Internet Explorer 8, but claimed that it was possible to "trigger" the vulnerability through it.
It also said that preliminary testing showed Windows Vista users were not affected.
Microsoft security program manager Christopher Budd said on the MSRC blog: "We have an investigation into this issue under way as part of our Software Security Incident Response Process (SSIRP) and are working to develop a security update to address the issue."
Microsoft advised all Internet Explorer users to prevent Microsoft Video Active X Control from running, either by manually following the instructions in the workaround section here or automatically using this solution.
In case administrators wanted to block the malicious domains, Sans Internet Storm has a constantly updated list here.
Only last month Microsoft warned about a flaw in Microsoft DirectShow, which hackers exploited using manipulated QuickTime files.
