All the latest UK technology news, reviews and analysis

Malware writers take aim at new ActiveX vulnerability

by Shaun Nichols

More from this author

14 Jul 2009

Be the first to comment

  • Tweet this
Microsoft bug
The latest ActiveX flaw could allow remote code execution

Microsoft is advising customers to take additional security precautions following the discovery of new attacks targeting Internet Explorer.

The company said in a Security Advisory that the attacks exploit a vulnerability in an ActiveX control for the Microsoft Office Web Components software.

Further reading

Embedding a specially-crafted spreadsheet file within a web page could allow an attacker to cause an application crash and gain the access rights of the current user, potentially allowing for remote code execution on the target system.

The ActiveX vulnerability is the second such flaw to be attacked in recent days. Microsoft issued a warning last week about attack taking aim at a flaw in the Microsoft Video control.

Microsoft has provided an automatic workaround which disables the vulnerable component, but did not give information on when a permanent fix will be released.

News of the latest flaw comes on the eve of the company's planned monthly patch release. Microsoft said in its advance notice that it will be issuing fixes for six security flaws.

However, the new alert has surfaced so close to the planned Patch Tuesday release that security experts believe Microsoft is unlikely to issue a fix along with the monthly update, and are advising users to run the automatic workaround procedure.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

data-security-key

Thousands of public encryption keys found to offer no security

Related white papers

Related articles

Related jobs

Today's top stories

Web blocking. Content owners want to stop copyright infringement

Music file-sharing site taken offline by UK Serious Organised Crime Agency

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Acer Aspire S3 Ultrabook

Acer Aspire S3 ultrabook review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Low Latency Network Engineer, Senior Network Engineer, Multicas

Low Latency Network Engineer, Senior Network Engineer...

SQL Server DBA - (North London)

SQL DBA - (North London) North London , £45k - 50k...

Business Architect – (North London)

Business Architect – (North London) £65,000 – 75,000k...

Graduate Software Engineer - Javascript OR Android

Graduate Software Engineer - Javascript OR Android...

To send to more than one email address, simply separate each address with a comma.