Critical’ Flaw in Visual Studio 2005

Software giant Microsoft (Quote) says it is investigating and
may issue an out-of-cycle patch to resolve a bug in an ActiveX
control used by Visual Studio 2005.

The flaw, known as a zero-day
vulnerability, is viewed as “extremely critical” by one security research
firm.

Microsoft said while it knows of proof of concept code published publicly,
it said any exploit would cause only “limited attacks.” The software maker
also released a security advisory suggesting ways users could avoid the flaw.

The vulnerability, part of the WMI Object Broker ActiveX found in the
WmiScriptUtils.dll file, could allow attackers to gain administrator access.
Users would need to visit Web sites that include the exploit, according to
Microsoft.

Additionally, users of Visual Studio 2005 running on Windows Server 2003 or
Windows systems with IE7’s default configuration are not vulnerable to the
exploit.

Microsoft said it would wait until its investigation ends before
deciding whether to issue a fix before its regular patch session.

Danish security firm Secunia rated the flaw “critical” and said on its Web site that it is already being actively exploited.

This article was first published on InternetNews.com. To read the full article, click here.

Ed Sutherland
Ed Sutherland is an eSecurity Planet contributor.

Top Products

Related articles