Microsoft warns of Visual Studio 2005 flaw


The Microsoft software used by programmers to develop web services is suffering from a serious zero-day vulnerability that is being actively exploited to execute remote code, the software giant announced in an advisory late Tuesday.


Visual Studio 2005 contains a flawed WMI Object Broker ActiveX control that can be exploited by a malicious website viewed in Internet Explorer (IE), vulnerability reporting firm Secunia said today in an advisory. The company rated the bug "extremely critical," its most severe rating.
"An attacker who successfully exploited this vulnerability could take complete control of the affected system," the Microsoft advisory says. "In a web-based attack scenario, an attacker would host a website that exploits this vulnerability."
However, in what the Redmond, Wash.-based company calls "mitigating factors," for the exploit to work, a user would need to follow a phishing link to reach the malicious website.
Users also are presumably safe if they are running IE 7 because the just-released web browser upgrade turns off the affected ActiveX control by default.
The vulnerability remains unpatched, but Microsoft said it expects to issue a fix in an upcoming security update. The next scheduled patch release is Nov. 14.
As a workaround, the Microsoft advisory suggests users set the kill-bit for the affected ActiveX control. The kill-bit is a feature that prevents a given ActiveX control from running in a user's web browser.
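An added example, not part of the article or of Microsoft's advisory: one way to confirm the kill-bit workaround took effect is to check exported registry data for the 0x400 bit in the control's "Compatibility Flags" value under Internet Explorer's "ActiveX Compatibility" key. The CLSID and export text below are constructed placeholders (the article does not give the control's CLSID), and the function names are hypothetical.

```python
import re

# Constructed `reg export` sample; the CLSID is a placeholder, not the advisory's.
PLACEHOLDER_CLSID = "{00000000-0000-0000-0000-000000000001}"
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000020
"""

KILL_BIT = 0x400  # bit in "Compatibility Flags" that blocks the control in IE
PARENT = "\\microsoft\\internet explorer\\activex compatibility\\"
SECTION = re.compile(r"^\[(.+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{1,8})$', re.I)
CLSID = re.compile(r"\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

def parse_compat_flags(reg_text):
    """Map (registry view, lowercase CLSID) -> Compatibility Flags value."""
    found, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()
            clsid = CLSID.search(key)
            current = None
            if clsid and PARENT in key:
                view = "32-bit" if "\\wow6432node\\" in key else "native"
                current = (view, clsid.group(0))
                found[current] = 0  # key present, value not seen yet
        elif current and FLAGS.match(line):
            found[current] = int(FLAGS.match(line).group(1), 16)
    return found

def kill_bit_status(reg_text, clsid):
    """Report 'set', 'not set' or 'missing' for each registry view."""
    flags = parse_compat_flags(reg_text)
    status = {}
    for view in ("native", "32-bit"):
        value = flags.get((view, clsid.lower()))
        status[view] = ("missing" if value is None
                        else "set" if value & KILL_BIT else "not set")
    return status

if __name__ == "__main__":
    print(kill_bit_status(SAMPLE_EXPORT, PLACEHOLDER_CLSID))
```

Files written by `reg export` are UTF-16 encoded, so decode them accordingly before passing the text in. On 64-bit Windows the 32-bit browser reads the Wow6432Node view, so both views need the bit set.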
Click here to email Dan Kaplan.