Microsoft is advising customers to take additional security precautions following the discovery of new attacks targeting Internet Explorer.
The company said that the attacks exploit a vulnerability in an ActiveX control for the Microsoft Office Web Components software.
By embedding a specially-crafted spreadsheet file within a web page, an attacker can cause an application crash and gain the access rights of the current user, potentially allowing for remote code execution on the target system.
The ActiveX vulnerability is the second such flaw to be attacked in recent days. Last week, the company issued a warning over another attack taking aim at a flaw in the Microsoft Video control.
Microsoft is providing an automatic workaround which disables the vulnerable component. The company did not give information on when a permanent fix will be released.
News of the latest flaw comes on the eve of the company's planned monthly patch release. In its advance notice announcement, the company said that it would be issuing fixes for no fewer than six security flaws.
Because the new alert has surfaced so close to the planned 'Patch Tuesday' release, security experts have suggested that the company is unlikely to issue a fix along with the monthly update and users are being advised to run the automatic workaround procedure.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
