Home > Security News > Hacker toolkit targets Microsoft Access zero-day
Security News:
EMAIL THIS LICENSING & REPRINTS

Hacker toolkit targets Microsoft Access zero-day

By Robert Westervelt, News Editor
14 Jul 2008 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

The Neosploit exploit toolkit has been tweaked by its makers to take advantage of a zero-day vulnerability in Microsoft Access.

SearchSecurity radio:

Symantec Corp. issued a warning Monday that it found attackers using the exploit toolkit to target an ActiveX control error in the Snapshot Viewer for Microsoft Access. The Snapshot Viewer is used to view database report snapshots that are created with any version of Microsoft Access. The toolkit allows attackers to reach a larger number of victims.

The Cupertino, Calif.-based security vendor issued an alert to customers of its DeepSight threat management service after observing exploit attempts via its honeynet. The vendor is maintaining its ThreatCon at level 2.

"Before this event, this exploit was known to be used only in isolated attacks," Symantec said in the alert.

Symantec warned that any computer with Microsoft Access installed is at risk for infection. English versions are being targeted by the Neosploit toolkit. Users can fall victim to an attack by downloading a malicious application into the Windows Startup folder, Symantec said.

Microsoft issued an advisory last week warning customers that it was investigating targeted attacks against a zero-day flaw in the Snapshot Viewer.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007, according to Microsoft. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.

Microsoft's advisory highlighted a workaround until a patch is issued. IT administrators can use a feature in Internet Explorer to prevent an ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine, the software giant said. To do this the admin must set the kill bit for the control in the registry.

Danish vulnerability clearinghouse Secunia has rated the flaw "extremely critical" in its 30883 advisory.



Tags: Securing Productivity ApplicationsVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google




More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts