Microsoft has warned its customers that three critical updates to Windows operating systems will be delivered tomorrow, with one an active fix to a flaw that is currently being exploited through Asian websites.
A vulnerability has been made known that affects the “MPEG2TuneRequest ActiveX Control Object”, with the company warning that “A browse-and-get-owned attack vector exists” for the flaw.
What this means is that if a user opens a website containing a piece of code that can exploit the flaw, hackers could take control of that user’s computer.
Another flaw takes advantage of a vulnerability in ‘DirectShow’ that allows a file in the movie-player QuickTime to trigger a remote code execution, potentially harming a user’s computer.
Microsoft has not revealed the nature of the third patch to be released, so it is likely that this vulnerability is not being exploited. The updates will apply to all supported versions of Windows.