Microsoft verifies 'zero-day' error in Visual Studio

Microsoft yesterday confirmed an extremely serious security flaw that exists in Microsoft Visual Studio 2005 has been taken advantage of in 'zero-day' attacks. The manufacturer said the security error could be exploited to remotely execute malicious code on the system that makes a mistake.

In addition to confirming information, Microsoft has released a security warning message and a temporary solution to help users limit the risk of attacks.

' Malicious code that can attack security flaws in Visual Studio 2005 has been released online and has been used in a number of zero-day attacks ,' Microsoft confirmed in a security warning message.

The security error in Visual Studio 2005 stems from an unknown error in the WMI Object Broker ActiveX Control ( WmiScriptUtils.dll ) object . This is the object used in the WMI Wizard to demonstrate the effect of other control objects.

Microsoft claims that an attacker could take advantage of the security flaw in order to take over the entire control of the system. The attack takes advantage of this vulnerability to attack as follows: An attacker will create a standalone website and use 'social engineering' techniques to trick users into accessing that site. Malicious code attached directly on the website will break into the system through Visual Studio security error, allowing attackers to hijack the system to make mistakes.

Microsoft recommends that Visual Studio 2005 users configure the Internet Explorer browser every time they run an Active Scripting or completely disable this feature when configuring the Internet and Local Networks.

Visual Studio 2005 is an integrated development environment with great tools to help software professionals program software, websites, web applications or web services in an extremely effective way. The latest version Visual Studio has integrated programming languages ​​such as Visual Basic, Visual C ++, Visual C # and Visual J #.

Hoang Dung