IE at risk from zero day ActiveX flaw - Vista safe?
Microsoft has issued a new security advisory for a critical security issue that could potentially enable an attacker to take control of a users PC by way of Internet Explorer (IE).
The flaw stems from an issue in the Microsoft Video ActiveX Control. Microsoft has noted in its advisory that it is currently aware of attacks related to this flaw. Microsoft offers a work-around in its advisory to let users disable the ActiveX Control in question. According to the advisory Microsoft is currently working on a security update to fix the flaw as well. In my view this is likely to be an out of band update, though seeing as patch Tuesday is tomorrow we could get early too.
Microsoft advisory notes that the update will be released, "...when it has
reached an appropriate level of quality for broad distribution."
"Our investigation has shown that there are no by-design uses for this
ActiveX Control in Internet Explorer which includes all of the Class
Identifiers within the msvidctl.dll that hosts this ActiveX Control," Microsoft's advisory states.