Incident Response, Network Security, TDR

Microsoft investigates ActiveX public exploits

Microsoft said Monday that attackers are exploiting a zero-day ActiveX vulnerability in the Snapshot Viewer for Microsoft Access.

The vulnerability -- which could be exploited to execute remote code -- affects the ActiveX control for the Snapshot Viewer in Office Access 2000, 2002 and 2003, said Bill Sisk, security response communications manager for Microsoft.

The ActiveX control lets users view Access report snapshots without needing the standard or run-time versions of the database management system.

Users may be infected if they are driven to a specially crafted website, according to a Microsoft advisory issued Monday. Attackers can then assume the same privileges as the logged-on user.

Microsoft, in the advisory, suggests a number of workarounds, including disabling Active Scripting, allowing only trusted sites to run ActiveX controls and Active Scripting, and preventing component object model (COM) objects from running in Internet Explorer (IE).

"We encourage affected customers to implement the manual workaroundsincluded in the advisory, which Microsoft has tested," Sisk said."Although these workarounds will not correct the underlyingvulnerability, they help block known attack vectors."

One mitigating factor is a default configuration built into IE on Windows Server 2003 and 2008 that restricts user privileges, he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.