Microsoft ActiveX Bug Targets Internet Explorer & Excel


« Is free antivirus software worth it? | Main | Sunbelt Software Joins Fight Against Malware »

07/15/2009



Microsoft ActiveX Bug Targets Internet Explorer & Excel

Kevin R. Smith
Co-Editor


Sad to say, the bad guys are at it again.

Computerworld brings news of a new, as yet unpatched ActiveX bug that's being exploited to compromise PCs.

Already because of these attacks, threat conditions have been raised by several antivirus vendors including, Sunbelt, makers of VIPRE; Symantec, makers of Norton AntiVirus; and makers of McAfee VirusScan.

Antivirus Vendor Threat Details Page
Sunbelt Sunbelt Security Blog
Symantec Symantec ThreatCon
McAfee McAfee Avert Labs



Additionally, SANS.org's ISC (Internet Storm Center), temporarily went to condition yellow, with the release of this ISC Diary Entry called, Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution.

Here are some key highlights from ISC's Diary entry,

  • "The vulnerability is being actively exploited on web sites."
  • "One other obvious mitigation step is to use an alternate web browser (as in other than IE) that does not make use of ActiveX." [AVR Editor's Note: If you haven't already tried Mozilla Firefox, we recommend you download Firefox and give it a try.]
  • Attack vectors include,

    "A .cn [Chinese] domain using a heavily obfuscated version of the exploit." [AVR Editor's Note: The key word here is "obfuscated." You may not even know you're on a Chinese domain being infected with this virus when it happens.]
  • Another attack vector mentioned was, "A highly targeted attack against an organization earlier today who received a Microsoft Office document with embedded HTML.

    "This one was particularly nasty, it was specifically crafted for the target - with the document being tailored with appropriate contact information and subject matter that were specific to the targeted recipient.

    "Analysis of the document and secondary payload found the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim's domain/IP range would not reach with the server."

Regrettably, as with many things, the bad guys beat Microsoft to the punch, and a patch for the security vulnerability hasn't yet been released.

In the mean time, Microsoft has a manual Active X Vunlerability Workaround [AVR Editor's Note: Look for 'Enable workaround' beneath the 'Fix it for me' section'.]

Here are further details of Microsoft Security Advisory on the MS Office ActiveX Vunerability.

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a0133f40d81f4970b01348764913f970c

Listed below are links to weblogs that reference Microsoft ActiveX Bug Targets Internet Explorer & Excel :

Comments

You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.