Attacks Launched Against Unpatched Windows Bug

For the second time in less than a week, Microsoft has acknowledged that attackers are exploiting a critical, unpatched flaw in Windows to snatch PCs from their owners. The new bug, which is in an ActiveX component of Microsoft XML Core Services 4.0 -- a service that lets developers use scripting languages such as JavaScript and Visual Basic to access XML documents -- is being put to work now by attackers, Microsoft admitted in a security advisory posted late Friday.

"We are aware of limited attacks that are attempting to use the reported vulnerability," said Ben Richeson, a program manager with the Microsoft Security Response Center, in a blog entry Saturday. "We'll continue to monitor the situation and provide updates should the situation change," Richeson added. A hacker can hijack PCs running Windows 2000, Windows XP SP2, or Windows Server 2003 by enticing Internet Explorer-equipped users to a malicious Web site, where the vulnerability would be exploited.

View: The full story
News source: CRN

Report a problem with article
Previous Story

Microsoft Mobile 10.7 Beta Refresh

Next Story

AMD brings next-generation graphics to the Apple Power Mac

5 Comments

Commenting is disabled on this article.

Microsoft just released an Important MSXML 4.0 SP2 security update to autoupdate for Windows Vista. ( Updating as i write this. )

So I guess XP should be up next.