Microsoft warns of serious computer security hole

Vulnerability could let hackers remotely control machines

Published: Monday, July 6, 2009 8:41 p.m. MDT
 |  E-MAIL | PRINT | FONT + - 

SAN JOSE, Calif. — Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" — or software fix — for the problem.

Story continues below

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the company, based in Redmond, Wash., does issue security reminders at other times, it's because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.

Recent comments

Firefox is lame software. Try using Opera as an alternative.

No Firefox Fan | July 7, 2009 at 6:53 a.m.

is called Firefox. Google it if you haven't heard of it.

Internet...

The patch | July 6, 2009 at 9:17 p.m.

There's no patch yet, but I'm sure it will be easy to find once it...

Re: Brian | July 6, 2009 at 9:03 p.m.

previousnext

Latest comments

Jazz will have full lineup tonight

Korver is more than just a 3 point shooter. If you are playing the Jazz with...

Look to see who is on the floor at the END of the next three games. Tonight...

I think this was such a great program to implement in this community at...

Not the best intro. Please stop with the Max Hall stuff. He said...

LDS quarterback D-II Heisman nominee

But I had to click on the LDS Newsline tab before this story came up. I...

re: Bubble 2010, here we come! | 3:21 p.m. Dec. 14, 2009 Like one expert...

I don't think it was premeditated. Prolly got into an argument and something...

Just who have you fought to protect so far?

It is for people who do things like this that we NEED the death penalty in...

You sound like a very disgruntled BYU fan who is jealous of BSU's success and...

Advertisements