BlackBerry Advisor BlackBerry reviews Win a BlackBerry

Expert Advice You Can Trust

News19,133 Articles

November 6, 2006

ActiveX triggers ‘critical’ Windows hole

No patch for Microsoft vulnerability

Jeremy Kirk

Microsoft is investigating reports of a vulnerability in a Windows ActiveX control that could allow an attacker to remotely take control of a computer. One security company rated the vulnerability critical, while Microsoft said it allowed only limited attacks.

The vulnerability, which is not yet patched, affects certain versions of Windows running Microsoft XML Core Services 4.0, a set of tools that allows programmers to use scripting languages to access XML documents.

The affected versions are Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1.

A user would have to visit a specially-crafted website that triggers the XMLHTTP 4.0 ActiveX control, Microsoft said. The attacker would then have the same rights on the machines as the current logged-on user, and could gain complete control of the machine.

Users can protect themselves by disabling the affected ActiveX control, although the workaround could stop some websites from functioning correctly. Microsoft describes how to disable the control in an advisory.

The SANS Institute classified the flaw as a zero-day vulnerability, meaning the problem is public but not patched. The French Security Incident Response Team called it "critical”.

Microsoft issues patches for its software on the second Tuesday on the month. The speed at which a patch is issued depends on the risk of the vulnerability, and the company has issues patches out of cycle for widely-exploited vulnerabilities.

Free whitepaper: Phishing for victims - Truth, myth and cybercrime

<<newer story | back to index | older story>>

Submit to:Digg Slashdot Del.icio.us Reddit

What is this?

Subscribe to PC Advisor now and claim your FREE gift

• FREE email newsletters. Get news, reviews and features straight to your inbox
• For videos of the latest products, visit PC Advisor TV
• Sign up for RSS to get the latest news and reviews, direct to your desktop
• Get PC Advisor news, reviews and blogs on your website for free

Keep up to date by adding PC Advisor News to your iGoogle home page or Google Reader

Question of the day!

Does your smartphone replace your need for a laptop when on the move?

Question of the day!

Does your smartphone replace your need for a laptop when on the move?

% of PC Advisor readers agree with you

Yes

TBC

No

TBC

What tasks can your smartphone do that would have traditionally been done on a laptop?

Tweet your answer here...

119 characters remaining

Follow the conversation at @SmartphoneFocus

Mainly email but getting better at spreadsheets etc, RT @IDGdan

Search the web

Search reviews

Search news

Search blogs

best broadband deals

All packages Broadband bundles Broadband only

by Broadband Choices

Recent reviews

• Malwarebytes' Anti-Malware Free review
• Kodak ESP 5250 review
• Fujitsu LifeBook T4410 review
• Kodak ESP 3250 review
• Lenovo ThinkCentre A70z review
• Microsoft SideWinder X4 review
• Sony BDP-S360 review
• Acer Liquid review
• LaCie Sound2 review
• ASUS U50Vg review

Reviews index

Latest reader comments

• I sure do not need 1,000 characters to say that FB pisses me off. No consultation, no "would you...
• Hi Dave, Yes! apple are only doing EXACTLY THE SAME as Microsoft have done for years & years....
• yeah i agree with one of the other users on here...where's the WIN7 or Linux....would be sweeet...
• www.opendns.com
• Why would any parent BUY this product when there are MUCH better ones available for FREE?...

Latest reader comments

Top news

• Microsoft, Google join MediaTek to boost emerging market sales
• Samsung & LG to show social networking phones
• Google adds Nexus One phone support
• BT: We'll open fibre network if other ISPs follow
• iPhone racing BlackBerry smartphone crown

News index

Latest blog entries

• Google plots instant translator for smartphone
• Free and friendly Windows security software? What's the catch?
• Google Books: time for a rethink?
• Apple iPad trademark dispute, and other madness
• Smartphone blogs: Are smartphones good for business?

Blogs index

 Our RSS feeds

Sponsored Content

• Take the internet to new places with the Nokia N800
  Communicate how you want to, where you want to with instant messaging, email and internet calling. View movies, browse the internet wirelessly and watch TV on the high-resolution screen and listen through high-quality stereo speakers with headphone jack.
  Buy now

Latest technology news:

• NASA's Endeavour blasts off on last mission to space station
• Toyota in Prius global recall after braking software fault
• Google Nexus One termination fee gets cut
• Dell to buy data storage firm Exanet
• Windows 2000, XP SP2, Vista RTM support nears end

Sponsored links

• New - BlackBerry Advisor Get hands-on with our exclusive Virtual BlackBerry handset and check out the latest reviews of BlackBerry smartphones and software.

• Crucial Memory Upgrades Go to Crucial.com and use either our Memory Advisor Tool or System Scanner to find a 100% compatible memory upgrade for your system, from the Best Memory Manufacturer of 2008! We offer free delivery, free technical support, and lifetime warranty.

• Award-winning Spyware Doctor with AntiVirus 2010 delivers powerful antivirus and antispyware protection using layered technologies to defend your PC. Download now for a free scan! Discover how our award-winning ThreatFire™ Behavioural Intelligence blocks new threats faster than traditional signature methods.

• PC Advisor Smartphone Focus Latest news and resources on how smartphones are facilitating mobile and flexible working in the enterprise. Find out more and join the discussion here.

• Custom built PCs Visit our website to see our full range of custom-built PCs. Customise any specification and have the order dispatched the next working day. A massive range of PCs - from £250 to £1,000-plus - and a full list of low-cost components are available.

• Free whitepaper Legal risks of uncontrolled email and web use.

• Free whitepaper Is social networking really bad for business?

• Free whitepaper Phishing for victims: Truth, myth and cybercrime.

• Free whitepaper Threat predictions, messaging security issues and trends for 2010.

• Free whitepaper Email archiving: Top 10 myths and challenges.

• Free whitepaper Managing email: Exploring common email management challenges (and how to overcome them).

CIO – Analysis | Opinion | Latest UK IT News | UK Tech News | In Depth | Security | Storage | Outsourcing | Database management | Business strategy | Enterprise software | CIO 100 Companies – Top Users of IT in the UK

ComputerworldUK.com – IT management news and opinion | Computing news | IT and Management | ICT and technology | IT career development & HR | Managing IT infrastructure | Business intelligence | IT whitepapers and research

Digital Arts – the future of Digital Design | Design news | Creative technology reviews | Graphic design tutorials | Animation and video projects | 3D, web and video forums | Design industry blogs

Macworld - Apple news and reviews | Mac Pro & MacBook reviews | Mac OS X and software | iPod, iTunes news and reviews | Professional design, music and video | Digital lifestyle - iLife and photography | Mac business applications | Mac educational computing

MacVideo – the ultimate resource for video on the Mac | Video Editing | Camera Technology | DVD Authoring | Video Encoding | Motion Graphics and VFX

Techworld - IT infrastructure & networking news and reviews | VOIP | Data storage | Network Security | Wireless Network | Network Monitoring | Operating systems and servers | Enterprise computing topic pages | Virtualisation

PC World | PC Welt | PC World Australia | PC World Norway | PC World Poland | PC World France