Yesterday Microsoft announced that they are investigating a privately reported vulnerability in Microsoft Video ActiveX Control. If an attacker succeeds in exploiting this vulnerability, he could gain the same rights as the local user. And now to the “sad” (and somewhat expected) part: when using Internet Explorer, it could all happen without you knowing it; it is done remotely and does not require any user intervention.
Microsoft recommends that Windows XP and Windows Server 2003 customers remove support for this ActiveX Control within Internet Explorer. Although Windows Vista and Windows Server 2008 are unaffected, Microsoft also recommends that customers on those systems apply the same measures.
Visit the Workaround section in Microsoft KB#972890 for more information on how to remove support for the ActiveX Control.
Microsoft is currently working to develop a security update for Windows to address this vulnerability and will release the update when it has reached an appropriate level of quality for broad distribution.