Another ActiveX zero-day bug from Microsoft

Powered by SC Magazine
 

Microsoft is trying to combat another ActiveX vulnerability being actively exploited -- the second in a week.

The latest bug resides in the Spreadsheet ActiveX control in Office Web Components, according to an advisory. It is being exploited in the wild, enabling cybercriminals to attain the same user rights as the local user, though Microsoft did not detail how widespread attacks have been.

It affects a number of software versions, including Office XP and 2003 Service Pack (SP) 3, and Internet Security and Acceleration Server 2004 SP3 and 2006.

Microsoft has previously discouraged the use of the affected ActiveX control -- it was unclear why, based on the advisory, but experts doubt it was because of an imminent security problem. As users await a permanent fix, they are encouraged to apply a workaround, which prevents the Office Web Components Library from running in Internet Explorer.

"Although the Microsoft Office Web Components ActiveX control has been deprecated for some time now, we still recommend customers implement the workarounds as provided in the advisory," wrote Dave Forstrom, a security response group manager, Monday on a company blog.

This is the second time in a week that a zero-day ActiveX issue has cropped up. Last week, Microsoft warned of active exploits taking advantage of a Video ActiveX control to launch drive-by attacks. A fix for the vulnerability, which Microsoft knew about for more than a year, is expected to arrive next week as part of the software giant's monthly security update.

Andrew Storms, director of security operations at networking security firm nCircle, said that ActiveX controls are preferred means of spreading malware because victims are more likely to install a plug-in than an executable.

"It's easier to get the user to accept and install and run that because it's something inside the browser," he told SCMagazineUS.com. "[ActiveX controls] run as the user that you're logged in as. If you could gain remote control over that, you're essentially acting as that user."

Forstrom said Microsoft plans to release a patch for the vulnerability once engineers are confident they have created a fix that is appropriate for "broad distribution."

As a result of a number of active exploits, the Sans Internet Storm Center upgraded its Infocon threat level status to orange, one up from its normal level, for 24 hours.

Storms said users should worry more about last week's reported ActiveX flaw because it does not require any user interaction to be exploited.

"You didn't even get a pop-up or request to do anything," he said. "You've just been infected.


See original article on scmagazineus.com

Copyright © SC Magazine, US edition


Another ActiveX zero-day bug from Microsoft
 
 
 
Top Stories
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
ATO investigates 25 tech giants in tax hunt
Prepared to take tax evaders to court.
 
Immigration, Customs restructure IT leadership
Customs CIO promoted into transformation role.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Franchisees, here's something you should know about
Jan 23, 2015
You need to know the Code if you are a franchisee or franchisor as the penalties are significant.
Xero users rejoice! Quoting has finally arrived
Jan 23, 2015
It has taken years, but Xero has at last added integrated quoting to its online accounting software.
You can now get a no-contract wi-fi tablet from Telstra
Jan 17, 2015
Telstra has began selling wi-fi tablets out of contract without paying extra for cellular ...
Get your business ready for 2015: mobile payments
Jan 2, 2015
These handy apps from MYOB, Xero and others can reduce your administrative load and improve ...
Xero prepares for key feature coming in 2015
Dec 19, 2014
Xero users will be able to track how their business is comparing to other Xero users.
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3005

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 954

Vote