Critical Microsoft Office Web Components Vulnerability
Date: July 13, 2009
To: The U of U Campus Community
From: Office of Information Technology and the Information Security Office
Subject: Critical Microsoft Office Web Components Vulnerability
The SANS Institute has issued a warning about a vulnerability in Microsoft Office web components that could allow remote code execution. According to SANS, this vulnerability exists in the ActiveX control used by IE to display Excel spreadsheets. http://isc.sans.org/
These attacks appear to be opportunistic in nature; anyone who browses to an infected website, while using Microsoft Internet Explorer, will be affected.
- Make sure your anti-virus is up to date.
- Consider using an alternate browser such as Firefox, Safari or Opera. Only Microsoft Internet Explorer is vulnerable.
- Ask your system administrator about the Microsoft work around tool: http://support.microsoft.com/kb/973472 (Do not deploy on critical resources without thorough testing.)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
Microsoft Security Advisory (973472)
Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/973472.mspx
Microsoft Work Around Tool
Microsoft Warns of New Office Web Components Vulnerability http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1361617,00.html#