Microsoft has warned Internet Explorer users that attackers are exploiting a critical hole in the browser’s video ActiveX controls.

The flaw could hand control of infected computers over to the hackers, without any user intervention. Microsoft says it’s aware of attackers attempting to exploit the vulnerability.

Microsoft is recommending that users of Windows XP and Windows Server 2003 disable the video ActiveX control, using a workaround published on its website.

The company claims that Vista and Server 2008 users are not affected “because the ability to pass data to this control within Internet Explorer has been restricted”. Nevertheless, the company is still recommending users disable the ActiveX control “as a defence-in-depth measure”.

The Microsoft workaround can be applied manually, via a rather complicated registry edit, or automatically using a pre-prepared fix.

The company claims that disabling the ActiveX control in Internet Explorer will have “no impact on application compatibility”.

Microsoft says it’s currently working on a patch for Internet Explorer to address the problem, and will “release the security update once it has reached an appropriate level of quality for broad distribution”.

ANI