Another week, another security vulnerability found and exploited. I can’t stress enough how important it is to use a behavior based monitoring program like WinPatrol. These zero-day vulnerabilities can attack your computer without you doing anything you might consider dangerous. It can happen to anyone, and you can’t just blame it on your kids.
Todays’s Microsoft Security Advisory (973472) relates to components found in Microsoft Office and could allow remote code execution on your machine.
Microsoft is investigating a privately reported vulnerability in Microsoft Office Web Components. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
We are aware of attacks attempting to exploit the vulnerability.
Brian Krebs at the Washington Post was quick to point out that in last weeks msvidctl.dll vulnerability Microsoft used the words “limited attacks”.
Our good friends at Microsoft have published a quick fix for this problem. If you’re using any of the applications below I recommend taking advantage of the Fix It link below and follow their instructions. If you do experience problems Microsoft does provide a “Disable Fit it” link
Click above to go to Microsoft Fix it page
- Microsoft Office Small Business Accounting 2006
- Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2003 Web Components
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition
0 comments:
Post a Comment