Microsoft warns of attacks against Microsoft Access zero-day flaw

Article

Microsoft warns of attacks against Microsoft Access zero-day flaw

Microsoft issued an advisory Monday warning customers of active, targeted attacks using a zero-day flaw in the Snapshot Viewer ActiveX control for Microsoft Access.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

SearchSecurity radio:

The Snapshot Viewer is used to view database report snapshots that are created with any version of Microsoft Access. The flaw could allow an attacker to gain user rights on a system, Microsoft said.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007, according to Microsoft. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.

Microsoft said websites, such as blogs which accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. An attacker would have to lure users through an email or instant message to visit a malicious website to pull off a successful attack.

Danish vulnerability clearinghouse Secunia rated the flaw "extremely critical" in its 30883 advisory, becuase the vulnerability is currently being actively exploited in the wild.

As a workaround Microsoft said IT admins can use a feature in Internet Explorer to prevent an ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine. To do this the admin must set the kill bit for the control in the registry.

"We encourage affected customers to implement the manual workarounds included in the Advisory, which Microsoft has tested," Bill Sisk, the response communications manager for the Microsoft Security Response Center, (MSRC) said in the MSRC blog. "Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors.

Sisk said Microsoft is investigating the attack, which is targeted and not widespread.

The United States Computer Emergency Readiness Team (US-CERT) also issued an advisory. It said upgrading Internet Explorer to version 7 or later may help mitigate the vulnerability through its ActiveX opt-in feature.