Microsoft
Microsoft has revealed more details about the Office Jet attack

Microsoft updates Office Jet attack advisory

Company provides background on new Office attack

Shaun Nichols in California

Microsoft has shed further light on last week's attacks on the Office Jet database component.

The company issued an update to its original security advisory, in which Microsoft Security Response Center manager Mike Reavey provided more information about the attack and how it differs from previous threats.

Advertisement

Security researchers had noticed that the attack exploits MDB files which Microsoft had previously deemed "unsafe" and attempts to shield itself from discovery.

Reavey explained that the attackers had found a new way to access the files, allowing them to hide the threat in a Word file.

"Everything changed with the discovery of this new attack vector that allowed an attacker to load an MDB file via opening a Microsoft Word document," wrote Reavey. "The previous guidance does not work against this new attack."

Reavey claimed that Microsoft has developed a new version of the MS Jet component which is protected from the attacks.

Everything changed with the discovery of this new attack vector

Mike Reavey Microsoft Security Response Center manager

The updated component is already in use by Windows Vista and Server 2003. Windows XP SP3 will also contain a fix when it ships later this year. Office 2003 SP2 is also protected.

Reavey said that Microsoft is considering including a fix in a later security update. He also offered a couple of security tips.

"Enterprise administrators can block Jet files, even those renamed from MDB, at the gateway," he said.

"For end-users, we will continue to recommend that you never, ever open atta chments received unexpectedly."

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Do you agree?

Related whitepapers

Related jobs

Most watched

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

a padlock

Microsoft to plug security holes

Microsoft has given advance warning of a number of security...

Nokia handset

Top 10 articles, 10 July 09

No Nokia Android phone, ActiveX attacks and Google enters into...

Can Google beat Microsoft at its own game?

Google's announcement this week that it plans to step into...

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Primary Navigation