Attackers are actively exploiting a new zero-day flaw in Microsoft Visual Studio 2005, and the software giant has released a set of workarounds IT administrators can use to blunt the threat.
In the advisory posted on the company's TechNet Web site, Microsoft said it's investigating reports of a vulnerability in an ActiveX control that's part of Visual Studio 2005 on Windows. Attackers could exploit the flaw to run malicious code on targeted machines.
"We are aware of proof-of-concept code published publicly and of the possibility of limited attacks that are attempting to use the reported vulnerability," Microsoft said. "Customers would need to visit an attacker's Web site to be at risk."
When the investigation is completed, Microsoft said it will take the appropriate action to help protect customers. "A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs," the company said.
In its advisory on the threat, Danish vulnerability clearinghouse Secunia said the problem is an unspecified error in the WMI Object Broker ActiveX Control (WmiScriptUtils.dll).
"Successful exploitation allows execution of arbitrary code when a user visits a malicious Web site using Internet Explorer," Secunia said. "The vulnerability is already being actively exploited."
The firm rated the flaw "extremely critical," its highest threat level. The rating is designated for remotely exploitable vulnerabilities that can lead to a full system compromise.
To blunt the threat, Microsoft recommends IT administrators take the following actions:
- Prevent the WMI scripting control from running in Internet Explorer.
- Configure Internet Explorer to prompt before running active scripting, or disable active scripting in the Internet and Local intranet security zones.
- Set Internet and Local intranet security zone settings to "high" to prompt before running ActiveX controls and active scripting in these zones.
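
To confirm the three workarounds above actually took effect on a machine, the following read-only audit can be used. It is an added example, not code from Microsoft or from the article. It assumes the standard Internet Explorer registry locations for the ActiveX kill bit and for per-zone URL actions, and the class ID is a placeholder because the article does not give the control's CLSID.

```powershell
# Added example: read-only audit of the three workarounds on the local machine.
# PLACEHOLDER class ID: the article does not list it; take it from Microsoft's advisory.
param([string]$Clsid = '{00000000-0000-0000-0000-000000000000}')

$KillBit = 0x400   # Compatibility Flags bit that stops IE from instantiating a control
$Zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

$report = @()

# Workaround 1: kill bit, checked in the native and the 32-bit (Wow6432Node) registry view.
foreach ($root in 'HKLM:\SOFTWARE\Microsoft', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft') {
    $ie = "$root\Internet Explorer"
    if (-not (Test-Path -LiteralPath $ie)) { continue }
    $key   = "$ie\ActiveX Compatibility\$Clsid"
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    $flags = if ($null -ne $props) { $props.'Compatibility Flags' } else { $null }
    $report += [pscustomobject]@{
        Check    = "Kill bit for $Clsid"
        Location = $key
        Value    = if ($null -eq $flags) { 'not set' } else { '0x{0:X}' -f $flags }
        Hardened = (($flags -band $KillBit) -eq $KillBit)
    }
}

# Workarounds 2 and 3: per-zone URL actions. 0 = enable, 1 = prompt, 3 = disable.
foreach ($zone in $Zones.Keys) {
    $props = Get-ItemProperty -LiteralPath "$ZoneKey\$zone" -ErrorAction SilentlyContinue
    foreach ($action in $Actions.Keys) {
        $value = if ($null -ne $props) { $props.$action } else { $null }
        $report += [pscustomobject]@{
            Check    = "$($Actions[$action]) ($($Zones[$zone]) zone)"
            Location = "$ZoneKey\$zone\$action"
            Value    = if ($null -eq $value) { 'not set' } else { $value }
            Hardened = (1, 3) -contains $value
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

The zone checks read the current user's settings only; where zone settings are enforced through Group Policy, the values under the corresponding `Policies` key take precedence and should be checked as well.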