|
IT Developments
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Microsoft warns of attacks on new ActiveX hole
- From: Brian Warkoczeski
- Date: Tue Jul 14 10:11:49 2009
Microsoft warns of attacks on new ActiveX hole
by Elinor Mills
July 13, 2009
www.cnet.com
Attackers are exploiting a new critical ActiveX hole in Microsoft Office
to take control of PCs by luring Internet Explorer users to malicious
Web sites, Microsoft said on Monday.
The zero-day hole, the third one announced by Microsoft in less than two
months, is in Office Web Components ActiveX controls used to display and
publish spreadsheets, charts, and databases to the Web.
It affects Office XP, Office 2003, Internet Security and Acceleration
Server 2004 and 2006, as well as Office Small Business Accounting 2006.
The security advisory details a manual workaround, or people can use
Microsoft's Fix-It tool to implement the workaround automatically.
Microsoft said it was working on a security update to patch the hole.
Antivirus vendor Sophos, meanwhile, said in a blog posting on its site
that it had received reports of several Web sites, mostly in China,
serving the exploit as part of a Web exploit kit that downloads and runs
a Windows Executable detected as "Mal/Generic-A."
|
|
|
