Microsoft has released information on a serious security flaw in Internet Explorer 6 & 7 that could allow hackers to connect remotely.
The security hole was found in an Active X video control player that is used in the browser on Windows XP or Windows Server 2003 systems. The company’s older Internet Explorer 6 and 7.0 are both affected.
“An attacker who successfully exploited this vulnerability could gain the same user rights as the local user,” Microsoft said in a Monday blog post.
Microsoft said there have already been some security breaches, but the glitch has not yet been fixed.
“Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution,” the company said.
The announcement is unusual, as such advisories typically come after Microsoft has resolved the problem.
Users are advised to deactivate the video ActiveX control until the fix is available.
Those who are using Windows Vista or Windows Server 2008 are not affected by the advisory, Microsoft said.