United States, local time the evening of July 6, Microsoft has released to the global users the latest security notice (Security Advisory 972890), confirmed that Windows XP, Windows Server2003 video control system, there is a loophole.

Use of the loopholes that hackers can use IE browser, without the user doing anything to operate on a user’s computer will be able to obtain local control. Microsoft claims that the Internet has emerged for this vulnerability to attack.

Microsoft said in the notice had not yet been found for the video control all types of malicious use of the logo, but recommends that Windows XP and Windows Server 2003 the user cancels the IE browser to the list of categories to support the logo. Although Vista and Windows 2008 users from the impact of the vulnerability, but Microsoft also suggested that these users support the abolition of the controls. Users can manually set the registry approach to the prohibition of IE browser to run the video controls.

Microsoft claimed in the notice, the full development of the loopholes being patched, but the release did not disclose a specific date for security patches. It was learned that the loopholes in DirectShow video development kit from the relevant components, and in May this year discovered the “DirectShow Video Development package “0day vulnerabilities are part of the same type, easy to use by hackers to conduct” page linked to horse “attacks, so that the visitor’s computer to automatically download and install any Trojans.