Tuesday

Active exploitation of Office Web Component ActiveX vulnerability. ISC level raised to yellow.



A critical security vulnerability in an Office Web Component that allows attackers to gain control of a Windows PC has been identified (Microsoft Security Advisory 973472). When using Internet Explorer, code execution is remote and may not require any user intervention.

According to Microsoft and the SANS Internet Storm Center, this vulnerability is being exploited in the wild. SANS ISC Threat level has been raised to yellow to raise awareness of this issue.

Currently there is no update but Microsoft has released a Fix-it tool to disable the vulnerable control in Internet Explorer.

This tool probably sets the two CLSIDs you need to set the killbit:

{0002E541-0000-0000-C000-000000000046}
{0002E559-0000-0000-C000-000000000046}

The following twitter account is relaying up to date information:

http://twitter.com/sans_isc_fast

The latest tweets reported millions of computers being infected in China. If you're not a twitter user, you can also monitor the Twitter account through this RSS feed.

Alternatively to setting killbits, you can switch to an alternative browser.

This advisory discusses the following software.

Affected Software

  • Microsoft Office XP Service Pack 3
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office XP Web Components Service Pack 3
  • Microsoft Office 2003 Web Components Service Pack 3
  • Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
  • Microsoft Internet Security and Acceleration Server 2006
  • Internet Security and Acceleration Server 2006 Supportability Update
  • Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
  • Microsoft Office Small Business Accounting 2006
Non-Affected Software
  • Microsoft Office 2000 Service Pack 3
  • 2007 Microsoft Office Suite Service Pack 1 and 2007 Microsoft Office Suite Service Pack 2
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
  • Microsoft Internet Security and Acceleration Server 2000 Service Pack 2
(Photo under creative commons from TedRheingold's photostream)

No comments: