Microsoft Security Advisory 973472 Released

SGT Oddball

SGT Oddball

New member
Pro User
Local time
2:16 AM
Messages
647
Location
Lost in France
Hi Everyone,



This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain the same user rights as the local user.



Products affected are Microsoft Office XP Service Pack 3, Microsoft Office 2003 Service Pack 3, Microsoft Office XP Web Components Service Pack 3, Microsoft Office Web Components 2003 Service Pack 3, Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1, Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3, Microsoft Internet Security and Acceleration Server 2006, Internet Security and Acceleration Server 2006 Supportability Update, Microsoft Internet Security and Acceleration Server 2006 Service Pack 1, Microsoft Office Small Business Accounting 2006.



We’re currently investigating the issue as part of our Software Security Incident Response Process (SSIRP) and working to develop a security update. This update will be released once it reaches an appropriate level of quality for broad distribution.



Additionally, we are actively working with partners in our Microsoft Active Protections Program (MAPP) as well as the Microsoft Security Response Alliance (MSRA) to share information that they can use to provide broader protections to customers.



Although the Microsoft Office Web Components ActiveX control has been deprecated for some time now, we still recommend customers implement the workarounds as provided in the Advisory. This can be done either manually, using the instructions in the Workaround section, or automatically, using the solution found in Microsoft Knowledge Base Article 973472.



For more technical details on the Advisory, please see what our colleagues have written over on the Security Research & Defense blog.



As always, be sure to check back here on the MSRC blog or in the Advisory for any additional information or updates that develop.



Thanks,

Dave





*This posting is provided "AS IS" with no warranties, and confers no rights*

aggbug.aspx
Click to expand...

More...
 

My Computer

OS
NT4
CPU
Cyrix 233
Motherboard
Jetway
Memory
8 Meg
Graphics Card(s)
Voodoo
Sound Card
SB16
Monitor(s) Displays
14" CRT
Screen Resolution
800x600
Hard Drives
40meg
Keyboard
Yes
Mouse
Yes
Internet Speed
56k
Make sure that you run Windows Update!!!
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
LENOVO K450 @3.0GHZ
OS
64-bit Windows 8.1 Pro
CPU
Core(TM) i5 CPU 4330 Haswell @ 3.20GHz
Motherboard
LENOVO
Memory
12.00 GB
Graphics Card(s)
Intel(R) HD Graphics
Sound Card
Intel HD integtrated
Monitor(s) Displays
HP 25' ISP Monitor
Screen Resolution
1900/1020
Hard Drives
(1) ST1000DM003-1CH162 (2) Generic STORAGE DEVICE USB Device (3) Generic STORAGE DEVICE USB Device
Internet Speed
100mb down/10mb up
You must log in or register to reply here.
Back
Top