The SANS Internet Storm Center is reporting that hackers are exploiting a zero-day flaw in the msvidctl.dll component of Microsoft DirectShow to infect computer users visiting compromised legitimate websites.
The flaw means that if you visit an affected website, hackers could silently install code onto your Windows computer by exploiting the vulnerability. What's worse, there is no official patch yet from Microsoft for the problem.
As it is versions of Internet Explorer that are affected, some users may feel more comfortable using non-Microsoft web browsers until a fix is available. (Of course, other browsers may have any number of flaws of their own – it's not as if there is any 100% secure web browser.)
The good news for Sophos customers is that our anti-virus products detect samples of the exploit seen in circulation as…
Read more in my article on the Naked Security website.