Windows Video ActiveX Control RCE Vulnerability Actively Exploited in Attacks

What happened

The U.S. cybersecurity agency CISA added a critical remote code execution vulnerability in the Windows Video ActiveX Control, tracked as CVE-2008-0015, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. Attackers exploit the flaw using malicious web pages that load vulnerable ActiveX controls in Microsoft Internet Explorer, allowing arbitrary code execution with the privileges of the logged-in user. Although Microsoft released patches in 2008, exploitation persists because unpatched legacy systems and outdated components remain in use. CISA has directed federal agencies to mitigate or discontinue affected software by March 10, 2026. 

Who is affected

Organizations and users running legacy Microsoft Windows systems with vulnerable ActiveX Control components, particularly those still using Internet Explorer, are affected if patches or mitigations have not been applied. 

Why CISOs should care

The active exploitation of a long-patched vulnerability highlights ongoing risks from legacy software and unsupported components, which can expose enterprise systems to compromise if not properly updated or retired. 

3 practical actions

  • Apply Microsoft security patches. Ensure affected systems are updated with available mitigations for CVE-2008-0015. 
  • Disable unnecessary ActiveX controls. Prevent exploitation through vulnerable browser components. 
  • Upgrade or retire legacy systems. Replace unsupported Windows versions and outdated browsers such as Internet Explorer.
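
One way to verify the second action on a host, as an added example that is not part of the original article: Internet Explorer refuses to instantiate an ActiveX control whose "kill bit" (value 0x400 in the `Compatibility Flags` registry DWORD for its CLSID) is set. The script assumes PowerShell 3.0 or later, and the CLSID in it is a constructed placeholder; the real class identifiers must come from Microsoft's advisory for CVE-2008-0015.

```powershell
# Added example: report whether the IE kill bit is set for each listed CLSID.
# Placeholder CLSID (constructed); replace with the identifiers from the vendor advisory.
$Clsids = @('{00000000-0000-0000-0000-000000000000}')

$KillBit = 0x400  # "Compatibility Flags" bit that blocks instantiation in IE

# 64-bit Windows keeps a second registry view used by 32-bit Internet Explorer.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { return 'NoKey' }
    $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'NoFlags' }
    if (($flags -band $KillBit) -eq $KillBit) { return 'Set' }
    return 'NotSet'
}

$report = foreach ($root in $Roots) {
    # The WOW6432Node view does not exist on 32-bit Windows; skip it there.
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsid in $Clsids) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            View     = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
            Clsid    = $clsid
            KillBit  = Test-KillBit -Root $root -Clsid $clsid
        }
    }
}

$report | Format-Table -AutoSize

# Exit non-zero when any control is still loadable, so a scheduler or
# configuration-management job can flag the host for follow-up.
if ($report | Where-Object { $_.KillBit -ne 'Set' }) { exit 1 }
```

A result of `NoKey`, `NoFlags` or `NotSet` means the control can still be loaded by Internet Explorer on that host if the vulnerable component is present.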