Attack exploits 'unsafe' Windows files

The US Computer Emergency Response Team (US-CERT) is warning users to be vigilant of attacks using Microsoft Access Database (MDB) files.

US-CERT said that it has received reports of attacks targeting the vulnerability in the wild. If exploited, the flaw allows an attacker to remotely execute code on the target machine.

A Microsoft spokesperson would not directly confirm the report, but said that the company is investigating reports of an attack targeting MDB files.

The spokesperson told vnunet.com that even without the vulnerability, MDB files are among those classified as 'unsafe' file types that can be used in attacks.

Though it may sound foreboding, the term simply refers to files that allow for automated actions to run on a user's machine. Other file types classified by Microsoft as 'unsafe' include executables (.exe) and Word documents (.doc).

US-CERT recommends that users reduce the risk of the vulnerability by avoiding suspicious email attachments. The group also recommends that administrators set email filters to block attached file types classified as 'unsafe'.

The reports come just as Microsoft is releasing its final scheduled security update for 2007. The company did not rule out releasing an out-of-schedule patch if the attacks persist.