Hackers Target Unpatched Windows Bug
Security experts are warning about a newly discovered, and unpatched, vulnerability in an XML module on most versions of Microsoft’s Windows operating system.
Researchers at Symantec say they discovered the flaw — which affects all supported Windows versions except Windows 2003 — in the XML components of the XMLHTTP 4.0 ActiveX control. That ActiveX control provides interoperability between applications based on XML and Microsoft’s Jscript and VBScript programming languages.
According to Symantec, the vulnerability allows hackers to hijack PCs simply by luring Internet Explorer users to malicious Web sites.
Microsoft has issued a statement indicating it is investigating reports of the vulnerability and is aware of a limited number of attacks attempting to exploit it.
