Windows has never seen a dangerous zero-day vulnerability

The new vulnerability belongs to the "extremely serious" category, present inside all Windows versions, except Windows 2003 and shows signs of being exploited by hackers.

According to the latest Microsoft warning, this vulnerability relates to XMLHTTP 4.0 ActiveX Control feature inside Core Service 4.0. Core Service technology ensures connectivity between standard XML 1.0-based applications with Microsoft's Jsript, VBScript and Visual Studio 6.0 programming environments.

Source: breathedeeply Microsoft said it has recorded a number of "deep drilling" attacks on this vulnerability. The company did not disclose how dangerous the vulnerability was, but security firm Secunia evaluated the vulnerability as "extremely serious" (extremely Critical) - its highest point ever.

According to Secunia, the vulnerability allows an attacker to gain full control of the system. They can trick users into accessing a cleverly crafted website, or even a subpage within popular virtual forums like MySpace. In addition, they can also advertise on an intermediate website and entice users to click on it.

However, security firm president Sunbelt Software did not share the same opinion with Secunia. He said only one site was discovered that exploited the vulnerability and exploited it again . ineffectively.

Microsoft is conducting a vulnerability check before deciding whether or not to release the emergency patch for it. If only rated as "medium serious", this vulnerability will be blocked with Microsoft's next month's security release.

Trong Cam