Advertisement
Promo

Security threats Toolkit

Microsoft warns of new ActiveX flaw

Elinor Mills CNET News

Published: 14 Jul 2009 08:30 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Attackers are exploiting a new critical ActiveX hole in Microsoft Office to take control of PCs by luring Internet Explorer users to malicious websites, Microsoft said on Monday.

The zero-day hole, the third one announced by Microsoft in less than two months, is in Office Web Components ActiveX controls used to display and publish spreadsheets, charts and databases to the web.

It affects Office XP, Office 2003, Internet Security and Acceleration Server 2004 and 2006, as well as Office Small Business Accounting 2006.

The security advisory details a manual workaround, or people can use Microsoft's Fix-It tool to implement the workaround automatically.

Microsoft said it was working on a security update to patch the hole.

Antivirus vendor Sophos, meanwhile, said in a blog posting on its site that it had received reports of several websites, mostly in China, serving the exploit as part of a web-exploit kit that downloads and runs a Windows Executable detected as 'Mal/Generic-A'.

Credit: Microsoft warns of attacks on new ActiveX hole from CNET News

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
4 out of 4 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

3 comments

  1. Deploy the workaround - it's critical! lumension
  2. It is urgent to apply the fix. hkommedal
  3. Microsoft warns of new ActiveX flaw ator1940

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment

Win a BlackBerry with Vlingo voice recognition

Win a BlackBerry with Vlingo voice recognition

What is ZDNet UK's usual tagline?

Competition closes - 14 Jan 2010


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters