Channel Register®

Original URL: http://www.channelregister.co.uk/2006/11/06/0-day_windows_bug/

0-day bug shatters Windows

Mother, it's happening again

By John Leyden

Posted in Software & Security, 6th November 2006 14:30 GMT

Security researchers have identified an unpatched vulnerability in Windows. The flaw - which affects all supported versions of Windows bar Windows 2003 - resides in Microsoft XML Core Services, specifically in the XMLHTTP 4.0 ActiveX Control. The nature of the bug has not been specified.

The flaw creates a means for hackers to inject malware onto the PCs of surfers running IE who visit a website hosting malicious code that attempts to harness the security bug. Security notification firm Secunia says [1] that the vulnerability is being actively exploited by hackers.

Microsoft has posted an advisory [2] conceding the problem and suggesting possible workarounds, which basically involve disabling the affected ActiveX control, ahead of the arrival of a patch. ®