Microsoft ActiveX Bug Targets Internet Explorer & Excel
Sad to say, the bad guys are at it again.
Computerworld brings news of a new, as yet unpatched ActiveX bug that's being exploited to compromise PCs.
Already because of these attacks, threat conditions have been raised by several antivirus vendors including, Sunbelt, makers of VIPRE; Symantec, makers of Norton AntiVirus; and makers of McAfee VirusScan.
| Antivirus Vendor | Threat Details Page | |
|---|---|---|
Additionally, SANS.org's ISC (Internet Storm Center), temporarily went to condition yellow, with the release of this ISC Diary Entry called, Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution.
Here are some key highlights from ISC's Diary entry,
Regrettably, as with many things, the bad guys beat Microsoft to the punch, and a patch for the security vulnerability hasn't yet been released.
- "The vulnerability is being actively exploited on web sites."
- "One other obvious mitigation step is to use an alternate web browser (as in other than IE) that does not make use of ActiveX." [AVR Editor's Note: If you haven't already tried Mozilla Firefox, we recommend you download Firefox and give it a try.]
- Attack vectors include,
"A .cn [Chinese] domain using a heavily obfuscated version of the exploit." [AVR Editor's Note: The key word here is "obfuscated." You may not even know you're on a Chinese domain being infected with this virus when it happens.]- Another attack vector mentioned was, "A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML.
"This one was particularly nasty, it was specifically crafted for the target - with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient.
"Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim's domain/IP range would not reach with the server."
In the mean time, Microsoft has a manual Active X Vunlerability Workaround [AVR Editor's Note: Look for 'Enable workaround' beneath the 'Fix it for me' section'.]
Here are further details of Microsoft Security Advisory on the MS Office ActiveX Vunerability.
