Microsoft warns of serious computer security hole

(AP) -- Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating systems.

It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a Web site that's been hacked.

Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.

The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.

Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's Web site, while the company works on a "patch" - or software fix - for the problem.

Microsoft rarely departs from its practice of issuing security updates the second Tuesday of each month. When the Redmond, Wash.-based company does issue security reminders at other times, it's because the vulnerabilities are very serious.

A recent example was the emergency patch Microsoft issued in October for a vulnerability that criminals exploited to infect millions of PCs with the Conficker worm. While initially feared as an all-powerful doomsday device, that network of infected machines was eventually used for mundane moneymaking schemes like sending spam and pushing fake antivirus software.


On the Net:

Microsoft support page:

©2009 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Citation: Microsoft warns of serious computer security hole (2009, July 6) retrieved 15 September 2019 from
User comments

Jul 06, 2009
Yet another triumph of mediocrity for Microsoft

Jul 06, 2009
Yet another reason to stay well clear of IE

Jul 06, 2009
Another reason to try Linux.

Jul 06, 2009
Right on jimbo!

Jul 07, 2009

ok so that's ID10T user right fkn there right....

LuckyBrandon, haven't you learned that here in the USA all the smart people are responsible for protecting the dumb people from themselves? That's why we have so many lawyers. LOL.

I know how to fix this.... send a spam email that goes to a site that explains to people (in simple terms) the dangers of clicking on links in spam emails. Oh, and put the words "Click me first" in the subject line!!!! LOLOLOLOL :)

Jul 11, 2009
All kidding aside, these security holes are a serious problem. The compromised computers are often used as a platform to launch massive cyberextortion attacks against anyone who refuses to pay a ransom. These DDoS attacks are very much on the rise, as they are generally successful, profitable, and untraceable -- and it usually costs more to defend against them than to pay the ransom. Also, the extortionists launch these attacks at virtually no cost. These attacks are now happening at the rate of hundreds per DAY. On at least two separate occasions during a 2 year period, my own website was knocked out for several days as collateral damage. My website wasn't even the intended target, but the DDoS attacks were so massive and so successful that they each took out hundreds of websites which just happened to be too close to the target. I only know this because I knew one of the datacenter techs that worked on it; they were telling everyone else that it was "unscheduled maintenance". I have since changed datacenters, but this does not seem to have reduced the incidence of "unscheduled maintenance."

I don't think Microsoft has a responsibility to protect people from their own stupidity; but I do think they have a responsibility to prevent their software from being weaponized into a platform for attacking and extorting innocent people.

Jul 12, 2009
I'm glad I am using Linux. Even if someone writes a virus for all Linux browsers - the virus will still need root access. This means that even if the virus executes - it won't be able to do anything with the system itself.

Jul 13, 2009
Bah.. just reboot. Everything will be just fine.
