Microsoft is advising customers to take additional security precautions following the discovery of new attacks targeting Internet Explorer.The company said that the attacks exploit a vulnerability in an ActiveX control for the Microsoft Office Web Components software.By embedding a specially-crafted spreadsheet file within a web page, an attacker can cause an application crash and gain the access rights of the current user, potentially allowing for remote code execution on the target system.The ActiveX vulnerability is the second such flaw to be attacked in recent days. Last week, the company issued a warning over another attack taking aim at a flaw in the Microsoft Video control.Microsoft is providing an automatic workaround which disables the vulnerable component. The company did not give information on when a permanent fix will be released.News of the latest flaw comes on the eve of the company's planned monthly patch release. In its advance notice announcement, the company said that it would be issuing fixes for no fewer than six security flaws.Because the new alert has surfaced so close to the planned 'Patch Tuesday' release, security experts have suggested that the company is unlikely to issue a fix along with the monthly update and users are being advised to run the automatic workaround procedure.
Copyright ©v3.co.uk
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.