Security Market Segment LS
Tuesday, 14 July 2009 06:52

Active exploits for Office ActiveX control

Another ActiveX control is under attack. This time it is one installed alongside Office and several other Microsoft products.

A vulnerability in the Spreadsheet ActiveX control - part of Microsoft Office Web Components - can be remotely exploited to gain the same rights as the local user, Microsoft officials have warned.

According to a Microsoft statement, "Products affected are Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, Microsoft Office XP Web Components Service Pack 3, Microsoft Office Web Components 2003 Service Pack 3, Microsoft Office 2003 Web Components for the 2007 Microsoft Office System Service Pack 1, Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2006, Internet Security and Acceleration Server 2006 Supportability Update, Microsoft Internet Security and Acceleration Server 2006 Service Pack 1, Microsoft Office Small Business Accounting 2006."

A simpler list published elsewhere by Microsoft contains Office XP/2003/2007, BizTalk, ISA Server, and Office Accounting and Business Contact Manager. Office Web Components can also be installed separately.

A temporary fix is to apply a kill-bit to the control. This can be done automatically by using the wizard provided on Microsoft's Help and Support site, but administrators are likely to turn to other tools to deploy the kill-bit across their fleets.

The kill-bit only prevents the control being used from Internet Explorer. The control has been depreciated for some time, so it is relatively unlikely to be used by current software.

Microsoft is investigating the vulnerability, and is working on a security update that will be released at an unspecified time.

The vulnerability is being exploited - please read on.

According to Sophos, websites hosting exploits for this vulnerability are mainly located in China.

"Given the popularity of the software affected, the severity, and the lack of a patch, SophosLabs has assigned this vulnerability a rating of Critical," company officials said.

Security software vendors are addressing the issue. For example, Check Point says it has already updated its Endpoint Security and ZoneAlarm products, while Sophos is "in the process of collecting all known samples and publishing detection for them" according to the company's most recent blog posting.

Another ActiveX control is due to be fixed by Microsoft this week.

A vulnerability in the MPEG2TuneRequest ActiveX Control Object is reportedly being exploited via thousands of compromised web sites in China and other parts of Asia.

Both of these ActiveX flaws could be exploited in a "'browse and get owned' scenario" according to Microsoft security officials.

Also expected in this month's Patch Tuesday updates are fixes for the DirectShow vulnerability, a flaw affecting all currently supported versions of Windows, and flaws in Publisher, ISA Server, Virtual PC and Virtual Server.

It would be unusual if Microsoft was able to complete its testing of a patch for the Office Web Components issue in time to release an update alongside these fixes.

Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News