Software giant Microsoft has taken the unusual step of warning users about a serious security flaw in its Windows XP and Server 2003 software.
Microsoft, who usually release security updates in one monthly release, opted to draw attention to a specific flaw in Internet Explorer which could allow a hacker to secretly take remote control of a user’s PC, urging customers to update their systems as early as possible.
The flaw, which is exploited when a victim unwittingly visits an infected website, potentially allows hackers to remotely take control of victims’ machines.
It’s thought that cyber-criminals have been attacking the vulnerability, which is found in the video playback system in Internet Explorer, for nearly a week, with thousands of sites reportedly hacked to serve the malicious code and users being tempted into visiting by a spam email campaign.
It isn’t the first time that Microsoft has issued security warnings outside of their usual security release, issued on the second Tuesday in the month. Last October, the company issued a number of warnings over the Conficker worm amid fears over the virus’s capabilities. Ultimately, the virus was not as powerful as first thought, being used predominantly to fake antivirus software scams and push spam email campaigns.
Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft’s Web site, while the company works on a “patch” – or software fix – for the problem.
Users are advised to update their antivirus software and close the loophole manually. Details on how to do this are available at http://support.microsoft.com/kb/972890#FixItForMe