This vulnerability has nothing to do with downloading software. Any user can be affected by visiting a site that has been hacked, and there are thousands that have already. In fact, hackers have known about this hole in Microsoft’s Active X Control for a week.

According to Microsoft Corp., the vulnerability has not been fixed, but they’re offering a work around in the mean time.

The vulnerability disclosed Monday affects Internet Explorer users whose computers run the Windows XP or Windows Server 2003 operating software.

How do hackers exploit this vulnerability? It can allow hackers to remotely take control of victims’ machines. The victims don’t need to do anything to get infected except visit a Web site that’s been hacked.

Do not click on any links that may look suspicious in emails or links shared through social networks.

To apply the fix, visit Microsoft’s Knowledge base article 972890 and click the “Enable workaround” Fix it link. Then run the downloaded .msi file to disable the ActiveX control. To reverse the change, download and run the .msi from the “Disable workaround” link.