Vulnerability in Microsoft Office Web Components...

July 2009

Please be advised that Microsoft issued an advisory today and the SANS Internet Storm Center is reporting that the vulnerability is being actively exploited on web sites. (http://isc.sans.org/) Here is the link to the Microsoft advisory. http://www.microsoft.com/technet/security/advisory/973472.mspx

The following software is affected by this advisory:

· Microsoft Office XP Service Pack 3

· Microsoft Office 2003 Service Pack 3

· Microsoft Office XP Web Components Service Pack 3

· Microsoft Office 2003 Web Components Service Pack 3

· Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1

· Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3

· Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3

· Microsoft Internet Security and Acceleration Server 2006

· Internet Security and Acceleration Server 2006 Supportability Update

· Microsoft Internet Security and Acceleration Server 2006 Service Pack 1

· Microsoft Office Small Business Accounting 2006

Microsoft is currently developing a security update to address this vulnerability. Until a fix is available, US-CERT recommends the following to help mitigate the risk:

Prevent Microsoft Office Web Components Library from running in Internet Explorer by setting the appropriate kill bit for the control in the registry. More information on setting the kill bit can found in Security Advisory 973472.

· Microsoft Knowledgebase Article 973472 contains instructions on how to implement this workaround automatically.

· Limit user rights on systems to only those that are necessary.

· Keep all systems up to date with the latest patches and anti-virus signatures to limit the attack surface available to attackers.

Thanks K.P.