July 15, 2009

Yet another Zero Day Vulnerability

Yesterday (“Patch Tuesday”) , MS released a fix to a “Zero Day” vulnerability in the Video ActiveX control in Internet Explorer. This one got a lot of press and embarrassed MS.

“Zero Day” means that there are known attempts to use a vulnerability the first day is is made known publicly.

MS now acknowledges that there is another IE “zero day” vulnerability, this time in the spreadsheet ActiveX control. Microsoft has released a Security bulletin (http://www.microsoft.com/technet/security/advisory/973472.mspx) and instructions on applying a work around to disable the feature in a Security Advisory (http://support.microsoft.com/kb/973472)

This vulnerability exists in the following software. If you use one of them, it’s advised you apply the patch ASAP.

  • Microsoft Office Small Business Accounting 2006
  • Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
  • Microsoft Office 2003 Service Pack 3
  • Microsoft Office 2003 Web Components
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Service Pack 3
  • Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition

0 comments:

Post a Comment