Tuesday July 7th, 2009.
It is the first Tuesday of the month, so there will be no regular updates from Microsoft today. Instead on Monday Microsoft released a warning regarding a serious security hole that affects Internet Explorer on Windows XP and Server 2003.
It can allow hackers to remotely take control of victims’ machines. The victims don’t need to do anything to get infected except visit a Web site that’s been hacked.
Security experts say criminals have been attacking the vulnerability for nearly a week. Thousands of sites have been hacked to serve up malicious software that exploits the vulnerability. People are drawn to these sites by clicking a link in spam e-mail.
The so-called “zero day” vulnerability disclosed by Microsoft affects a part of its software used to play video. The problem arises from the way the software interacts with Internet Explorer, which opens a hole for hackers to tunnel into.
According to reports, currently there is no fix available from Microsoft, but there is a workaround.
http://support.microsoft.com/kb/972890#FixItForMe
Interestingly Microsoft might use this announcement to convince people to upgrade to Windows Vista or Windows 7.