A remote control vulnerability exists in Microsoft Windows – particularly Internet Explorer. A user could infect his/her computer by visiting a Web page or viewing an HTML e-mail message that an attacker has configured to exploit this vulnerability. A successful attacker could take complete control of an infected system. Anti-virus and anti-spyware software will NOT protect against this type of problem.
Microsoft has released a patch for this bug. Thus, users should be sure that Windows Update has been run. A web page to test whether your computer is correctly patched is available at http://www.isotf.org/zert/testvml.htm. If Internet Explorer locks up and/or crashes when trying to load this page, then your computer is not patched for this problem. If your computer is patched, then the page will load and 2 colored boxes will appear on the screen.
We’ve also been adding detection to our various offerings. Customers can also visit Windows Live OneCare Safety Scanner and are encouraged to use the Full Service Scan option to check for and remove malicious software that take advantage of this vulnerability. Also, Windows Live OneCare users who’s current status is green, are already protected from known malware that uses this vulnerability to attempt to attack systems.