Technology news and Jobs 
VIRTUALISATION Active exploits for Office ActiveX control
VIRTUALISATION Active exploits for Office ActiveX control | Active exploits for Office ActiveX control |
|
| by Stephen Withers | |
| Tuesday, 14 July 2009 | |
|
Page 1 of 2   
Featured Whitepaper
5 Best Practices for Smartphone Support
According to a Microsoft statement, "Products affected are Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, Microsoft Office XP Web Components Service Pack 3, Microsoft Office Web Components 2003 Service Pack 3, Microsoft Office 2003 Web Components for the 2007 Microsoft Office System Service Pack 1, Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2006, Internet Security and Acceleration Server 2006 Supportability Update, Microsoft Internet Security and Acceleration Server 2006 Service Pack 1, Microsoft Office Small Business Accounting 2006." A simpler list published elsewhere by Microsoft contains Office XP/2003/2007, BizTalk, ISA Server, and Office Accounting and Business Contact Manager. Office Web Components can also be installed separately. A temporary fix is to apply a kill-bit to the control. This can be done automatically by using the wizard provided on Microsoft's Help and Support site, but administrators are likely to turn to other tools to deploy the kill-bit across their fleets. The kill-bit only prevents the control being used from Internet Explorer. The control has been depreciated for some time, so it is relatively unlikely to be used by current software. Microsoft is investigating the vulnerability, and is working on a security update that will be released at an unspecified time. The vulnerability is being exploited - please read on. |
| < Next story in category | Previous story in the category > |
|---|
