New vulnerability in Microsoft Office Web Components discovered
Microsoft said on Monday it is investigating a reported zero-day vulnerability in Microsoft Office Web Components that, if exploited, could give an attacker the same control over a PC as the user.
The company says it knows of attempts to exploit this vulnerability.
The vulnerability in Microsoft Office Web Components can be exploited through Internet Explorer, where the code execution is done remotely and therefore doesn't require user intervention. As a result, an attacker could exploit the vulnerability to deploy malware on the unsuspecting user's PC.
Office Web Components are a collection of Component Object Model (COM) controls that publish spreadsheets, charts, and databases on the Web and allow for viewing of published components on the Web. This particular vulnerability resides in the Spreadsheet ActiveX control, according to a Microsoft blog post yesterday.
The company is working on a fix, and in the meantime suggests customers prevent Microsoft Office Web Components from running in Internet Explorer either manually or automatically.
Later today, Microsoft plans to release six security updates, three of which are deemed critical, including a fix for a similar vulnerability in the Microsoft Video ActiveX Control that could give an attacker the same user rights as a PC's owner.