Microsoft has confirmed that a critical flaw exists in one of its own ActiveX controls, or mini programs. It is called the Microsoft Video Controller ActiveX Library, and is accessed by (IE) 6 and 7. IE8 is not affected. Windows XP is at risk, but not Vista or Windows 7. This bug could allow an attacker to seize control of your PC.

It appears that the bug has been used by hackers since at least June 9. Attack code can easily be found on the Web to exploit this vulnerability. In fact, researchers at IBM reported the flaw to Microsoft last year. Microsoft could not or would not say why they had not fixed this problem earlier. But they are no doubt trying to come up with a patch in time for the regular monthly update on July 14.

A researcher at AVG Technologies thinks this bug has the potential to be another Conflicker, or worse. exploits a flaw in Windows that was repaired long ago, so all you have to do is keep your Windows up to date. However, this latest threat has no fix yet.

What to do now? Well, you can get the Microsoft tool to disable the control here. It sets a whole bunch of kill-bits in the Windows Registry, which turn off the control. You can also switch to IE8, Firefox or Chrome.

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • NewsVine
  • Reddit
  • StumbleUpon
  • YahooMyWeb
  • Google Bookmarks
  • Yahoo! Buzz
  • TwitThis
  • Live
  • LinkedIn
  • Pownce
  • MySpace