Zero-day ActiveX Hole in Windows XP Under Attack

http://www.pcworld.com/article/167914/zeroday_activex_hole_in_windows_xp_under_attack.html

... the new threat which could allow for a drive-by-download infection if you simply view a poisoned Web page using Internet Explorer - no click required. Windows Vista and 2008 are not affected ... Also, while Microsoft's advisory doesn't specify which versions of IE are vulnerable, additional analysis from Symantec says that IE 6 and 7 are at risk, but the new IE 8 is not.

http://www.internetnews.com/security/article.php/3828431/Microsoft+Warns+of+New+Zeroday+Bug+for+XP.htm

http://www.theregister.co.uk/2009/07/06/new_microsoft_exploit_in_wild/

"An attacker who successfully exploited this vulnerability could gain the same user rights as the local user," company security representatives wrote. "When using Internet Explorer, code execution is remote and may not require any user intervention."

What about other browsers?

can noscript protect us from it?

Why always windows OS has to encounter all threats? :(

I'm using winXP with IE 8 but every body else adviced me to use firefox. Then what about Firefox will it be safe from this Zero-day ActiveX hole.

^ Firefox doesn't support ActiveX, so yes you'll be safe from this attack if you are using it. Moreover, you should always keep your windows, antivirus, firewall and any other programs that access internet updated on Windows.

You are pretty much safe if you got a decent firewall running, and know how to define the rules.