Microsoft is warning users to update their systems following the discovery of a new attack targeting an Internet Explorer ActiveX component.
The company said that it has received reports of attacks in the wild targeting the flaw in the Microsoft Video ActiveX control to remotely execute code on targeted systems.
ActiveX controls, which allow Internet Explorer to use external components to load various document and file types, have been a prime target for attackers looking to remotely install malware on user systems.
The attack code is usually embedded within a web page to allow a covert attack and installation.
According to Microsoft, the component itself does not have any legitimate use, and the flaw is only believed to exist in Windows XP and Windows Server 2003 systems. Windows Vista and server 2008 are not believed to be vulnerable to the attack.
However, Microsoft is advising that users and administrators take action to disable the vulnerable component. The company has posted a support page for users which offers a script to deactivate the component.
Users can also manually disable to control by setting a killbit to disable the vulnerable component.
.jpg&h=140&w=231&c=1&s=0)
Melbourne Cloud & Datacenter Convention 2026
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
