Microsoft has issued a warning to users to update their computers after it was found that that hackers are using an Internet Explorer ActiveX component to take over their systems.
The IT giant said that the attacks began after a flaw was revealed in the Microsoft Video ActiveX control that allowed hackers to remotely control their victims' machines.
"When the ActiveX control is used in Internet Explorer, the control may corrupt the system state in such a way that an attacker could run arbitrary code," the firm said. "Microsoft is currently working to develop a security update for Windows to address this vulnerability."
The systems become vulnerable after victims visit websites that have been hacked and injected with malicious software. People are drawn to these sites by clicking a link in a spam email.
Microsoft believes that the flaw exists in Windows XP and Windows Server 2003 systems only, while Windows Vista and Server 2008 are not susceptible to the malicious attack.
Microsoft has advised users to disable the vulnerable component and has set out guidelines on its website on how to deactivate the component. The vulnerable control can also be manually disabled through a "kill bit".
Copyright © Press Association 2009
