News of a newly discovered zero-day exploit is percolating across the Web as I type. But, while the hole is pretty serious, there's still a lot of confusion as to how many users are at risk. And to be clear, there are no attacks going on in the wild that we know of at this point.
This particular flaw is not in a piece of Microsoft software but in third-party software that Microsoft includes as part of its DirectX Media Software Developers Kit (SDK). Like many of the flaws we've seen lately, this one is in an ActiveX control – a technology Microsoft developed in the late '90s for creating plug-ins for various programs, especially Internet Explorer.
How to get attacked? First you have to have the flawed ActiveX control on your PC. According to security researcher Secunia, this one is from Live Picture Corp. and it's called DXSurface.LivePicture.FLashPix.1 (DXTLIPI.DLL).
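To check whether a given PC meets that first condition, the following added PowerShell example (not from this article or from Secunia) looks up the ProgID named above in the registry and reports where the control's DLL is registered and whether Internet Explorer's kill bit is set for it. Only the ProgID comes from the article; the registry locations are the standard COM registration and IE "ActiveX Compatibility" keys, and the CLSID is read from the machine rather than assumed.

```powershell
# Added example. The ProgID is the one named in the article; the CLSID and DLL
# path are read from the local registry, not assumed.
$ProgId  = 'DXSurface.LivePicture.FLashPix.1'
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE from loading a control

function Get-DefaultValue([string]$Path) {
    # Return the (Default) value of a registry key, or $null if the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

function Test-ActiveXControl([string]$ProgId) {
    # 32-bit controls on 64-bit Windows register under WOW6432Node, so check both views.
    $hklm  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE'
    $views = @(
        @{ Name = 'native'; Root = $hklm },
        @{ Name = 'wow64';  Root = "$hklm\WOW6432Node" }
    )
    foreach ($v in $views) {
        $classes = "$($v.Root)\Classes"
        $clsid   = Get-DefaultValue "$classes\$ProgId\CLSID"
        if (-not $clsid) { continue }   # control is not registered in this view

        $dll    = Get-DefaultValue "$classes\CLSID\$clsid\InprocServer32"
        $compat = "$($v.Root)\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
        $flags  = (Get-ItemProperty -LiteralPath $compat -Name 'Compatibility Flags' `
                      -ErrorAction SilentlyContinue).'Compatibility Flags'

        [pscustomobject]@{
            View          = $v.Name
            ProgId        = $ProgId
            Clsid         = $clsid
            RegisteredDll = $dll
            KillBitSet    = [bool]($flags -band $KillBit)
        }
    }
}

$found = @(Test-ActiveXControl $ProgId)
if ($found.Count -eq 0) {
    "$ProgId is not registered on this machine."
} else {
    $found | Format-List
}
```

A result with `KillBitSet : False` means the control is registered and Internet Explorer is still allowed to instantiate it.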