Skip to main content
MSRC

Workarounds

Microsoft Security Advisory 973472 Released

Monday, July 13, 2009

Hi Everyone, This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain the same user rights as the local user.

More information about the Office Web Components ActiveX vulnerability

Monday, July 13, 2009

We are aware of public attacks on the Internet exploiting a vulnerability in the Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC11). Microsoft has released an advisory with further information available here. What’s the attacking vector? This vulnerability could be used for remote code execution in a “browse and get owned” scenario.

MS09-019 (CVE-2009-1140): Benefits of IE Protected Mode, additional Network Protocol Lockdown workaround

Tuesday, June 09, 2009

Benefits of IE Protected Mode One of the vulnerabilities addressed in MS09-019, CVE-2009-1140, involves navigating to a local file via a UNC path, ex: \\127.0.0.1\c$. This roundabout way of navigating to a file is necessary to execute local content such that it runs in the Internet Explorer Internet zone, where scripting is enabled.

New vulnerability in quartz.dll Quicktime parsing

Thursday, May 28, 2009

Recently, we found a remote code execution vulnerability in Microsoft’s DirectShow platform (quartz.dll) when processing the QuickTime format. We have released advisory 971778 providing guidance to help protect customers. We’d like to go into more detail in this blog to help you understand: Which configurations are at risk? Why is this a high risk vulnerability?

More information about the IIS authentication bypass

Monday, May 18, 2009

Security Advisory 971492 provides official guidance about the new IIS authentication bypass vulnerability. We’d like to go into more detail in this blog to help you understand: Am I at risk? If so, what could happen? How can I protect myself? Which IIS configurations are at risk? Only a specific IIS configuration is at risk from this vulnerability.

Investigating the new PowerPoint issue

Thursday, April 02, 2009

This afternoon, we posted Security Advisory 969136 describing a new vulnerability in PowerPoint while parsing the legacy binary file format. Unfortunately, we discovered this vulnerability being used to deploy malware in targeted attacks. We expect this blog post will: Help you protect your organization from being exploited, and Help you analyze suspicious PowerPoint files.

Behavior of ActiveX controls embedded in Office documents

Tuesday, March 03, 2009

The Microsoft Office applications (Word, Excel, PowerPoint, etc) have built-in ActiveX control support. ActiveX support allows a richer experience when interacting with an Office document. For example, a document author could use the Safe-For-Initialization Office Web Components (OWC) ActiveX control to retrieve data from an intranet data source. Office applications’ prompting behavior