The company issued an advisory outlining the attacks, which were classified as "very limited" and aimed at specific targets.
McAfee researcher Craig Schmugar suggested in a blog posting that the attacks could indicate a shift in strategy.
Attackers have typically exploited Microsoft Jet DB vulnerabilities through MDB files, and Microsoft has always stuck to its MDB files are unsafe story, wrote Schmugar. "Well that has changed," he added.
Microsoft said that Windows Vista and the recent Service Pack 1 upgrade are not vulnerable to the buffer overflow used in the attack. The Service Pack 2 version of Office 2003 is also immune.
The company is investigating the attacks, and has not yet decided whether to patch the flaw immediately or wait until next month's scheduled security update. Microsoft has advised users not to open files from untrusted sources.
The vulnerability allows an attacker to access the system with the rights of the current user, and Microsoft said that administrators can minimise this risk by putting controls on non-administrator accounts.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
