Windows Bug Is Second Zero-Day Flaw This Week from Microsoft

An ActiveX flaw in Microsoft XML Core Services 4.0 is actively being exploited by hackers to take control of computers running Windows 2000, XP SP2 or Server 2003, security firms and Microsoft are reporting.


What's worse, for both Redmond and users, is that the flaw is related to a vulnerability supposedly patched in October's patch release, the largest group of patches put out so far. Likely, that patch called attention to further holes.


Secunia is calling the problem "extremely critical." Microsoft has not announced whether it will release an out-of-cycle patch or wait until the next Patch Tuesday; it suggests workarounds involving that old saw -- disabling ActiveX.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making


SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data