Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
Microsoft has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.
The vulnerability disclosed yesterday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.
It can allow hackers to remotely take control of victims' machines. The victims don't need to do anything to get infected except visit a website that's been hacked.
Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam email.
The so-called "zero day" vulnerability disclosed by Microsoft affects a part of its software used to play video.
The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.
Microsoft urged vulnerable users to disable the problematic part of its software, which can be done from Microsoft's support website, while the company works on a "patch" - or software fix - for the problem.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies