Microsoft Warns of New Attacks Targeting ActiveX

ActiveX controls are by now nothing short of traditional vectors of attack because of their intimate integration with Microsoft's software products. The latest illustrative examples in this context are the new attacks targeting a Critical vulnerability in the ActiveX control for Microsoft Access. The Redmond company informed that victims could essentially hand over their machines by simply viewing specially crafter malicious web pages. The vulnerability allows for remote code execution and Microsoft revealed that exploits had already been detected in the wild.

Bill Sisk, Microsoft Security Response Center Communications Manager, referred to "active, targeted attacks using a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access. The Snapshot Viewer enables you to view a report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003".

The Office 2007 system is not affected by the vulnerability because Microsoft does not offer Access for the latest version of its productivity suite on Windows. According to the Redmond company, potential victims have to be first convinced to navigate to malicious websites which contain the exploit to the Access ActiveX vulnerability. The restrictions to standard privileges (UAC) of Windows Vista and Protect Mode in Internet Explorer 7 will act as additional mitigations which are able to reduce the risk of attacks.

The company has also published an advisory on the matter detailing several workarounds that can be implemented in order for the end users to protect themselves against exploits until a patch is delivered.

"We encourage affected customers to implement the manual workarounds included in the Advisory, which Microsoft has tested. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. While the attack appears to be targeted, and not widespread, we are monitoring the issue and are working with our MSRA partners to help protect customers," Sisk added.