Yesterday (“Patch Tuesday”) , MS released a fix to a “Zero Day” vulnerability in the Video ActiveX control in Internet Explorer. This one got a lot of press and embarrassed MS.
“Zero Day” means that there are known attempts to use a vulnerability the first day is is made known publicly.
MS now acknowledges that there is another IE “zero day” vulnerability, this time in the spreadsheet ActiveX control. Microsoft has released a Security bulletin (http://www.microsoft.com/technet/security/advisory/973472.mspx) and instructions on applying a work around to disable the feature in a Security Advisory (http://support.microsoft.com/kb/973472)
This vulnerability exists in the following software. If you use one of them, it’s advised you apply the patch ASAP.
- Microsoft Office Small Business Accounting 2006
- Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
- Microsoft Office 2003 Service Pack 3
- Microsoft Office 2003 Web Components
- Microsoft Internet Security and Acceleration Server 2004 Standard Edition
- Microsoft Internet Security and Acceleration Server 2004 Service Pack 3
- Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
- Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
- Microsoft Internet Security and Acceleration Server 2006 Standard Edition
0 comments:
Post a Comment