NewsDude
07-08-2008, 05:40 PM
Microsoft on Monday issued a security advisory to warn users about attacks targeting a vulnerability in the ActiveX control for the Snapshot Viewer in the Microsoft Access database management system.
Microsoft said it is investigating active, targeted attacks. "When a user views the Web page, the vulnerability could allow remote code execution," Microsoft said in its security advisory. "An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user."
The ActiveX control for the Snapshot Viewer enables users to view a Microsoft Access report snapshot without having the standard or run-time versions of Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.
How it Works
In a Web-based scenario, an attacker could host a Web site with a page used to exploit this vulnerability. Or compromised Web sites and sites that accept user-provided content could contain specially crafted code to exploit the vulnerability. An attacker would have to convince users to visit the corrupted Web site, typically by getting them to click a link in an e-mail or an instant message, Microsoft said.
A successful attacker could gain the same user rights as the real user. Users whose accounts have fewer rights could be less impacted than users who have administrative rights, according to Microsoft.
By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to high and is a mitigating factor for Web sites not added to the trusted-sites zone, Microsoft said.
An Out-Of-Cycle Workaround
Microsoft isn't in the habit of issuing out-of-cycle workarounds. But Carole Theriault, a security analyst at Sophos, is glad to see Redmond trying to help users...
More... (http://www.toptechnews.com/story.xhtml?story_id=60649)
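The mitigation the article describes for this class of bug is to stop Internet Explorer from instantiating the vulnerable ActiveX control at all. For ActiveX controls that is done with the "kill bit" (Compatibility Flags value 0x400 under the ActiveX Compatibility registry key). The script below is an added example, not code from the article or from Microsoft's advisory; it audits whether a given CLSID is kill-bitted and, with -Apply, sets the bit. The CLSID shown is a placeholder and must be replaced with the control identifier(s) named in Microsoft's advisory.

```powershell
# Added example (not from the article): audit or set the Internet Explorer
# kill bit for an ActiveX control. The default CLSID is a PLACEHOLDER; use
# the CLSID(s) named in Microsoft's advisory for the Snapshot Viewer control.
param(
    [string]$Clsid = '{00000000-0000-0000-0000-000000000000}',  # placeholder CLSID
    [switch]$Apply                                               # set the bit instead of only reporting
)

$KillBit = 0x400   # Compatibility Flags bit that blocks instantiation in IE
$KeyPath = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"

function Get-KillBitState {
    param([string]$Path)
    # Returns a short description of whether the kill bit is present.
    if (-not (Test-Path $Path)) { return 'not set (key absent)' }
    $flags = (Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return 'not set (value absent)' }
    if (($flags -band $KillBit) -eq $KillBit) { return 'set' }
    return ('not set (Compatibility Flags = 0x{0:X})' -f $flags)
}

Write-Host "Kill bit for $Clsid : $(Get-KillBitState -Path $KeyPath)"

if ($Apply) {
    # Requires an elevated (administrator) PowerShell session to write under HKLM.
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue).'Compatibility Flags'
    # Preserve any other flags already present; only add the kill bit.
    $new = if ($null -eq $existing) { $KillBit } else { $existing -bor $KillBit }
    Set-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -Value $new -Type DWord
    Write-Host "Kill bit for $Clsid now: $(Get-KillBitState -Path $KeyPath)"
}
```

Run it without -Apply first to see the current state; run it elevated with -Apply to set the bit. On 64-bit Windows the 32-bit IE reads the same key under the Wow6432Node path, so audit both locations there. Setting the kill bit blocks the control for every site, including the trusted-sites zone that Enhanced Security Configuration otherwise exempts, which is why it is a stronger mitigation than relying on ESC alone.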