Microsoft has posted Security Advisory 972890 to warn its users that it is responding to a privately reported vulnerability in the Microsoft Video ActiveX Control that hackers are actively attempting to exploit. The vulnerability could allow for an attacker to gain the same user rights as the local user if the victim is running Windows Server 2003 or Windows XP. The software giant emphasized that Windows 2000, Windows Vista, and Windows Server 2008 are not vulnerable. Furthermore, when using Internet Explorer, code execution is remote and may not require any user intervention. The company also noted that it is currently working on a security update for Windows to address the flaw and will release it broadly once it has reached an appropriate level of quality.

Click here to read the rest of this article