MSRC

ActiveX

Black Hat USA Spotlight: ATL Killbit Bypass

Monday, July 27, 2009

There are only a few days left before Black Hat USA, and we, like most other speakers, are in the midst of the last-minute push to have all the materials finalized in time for our presentation. Our presentation this year, “The Language of Trust,” features a lot of material related to attacking software interoperability layers, and focuses on Web browsers as case studies.

Security Bulletin Webcast Video, Questions and Answers – July 2009

Wednesday, July 15, 2009

Today Adrian Stone and I conducted the security bulletin webcast for June covering the six bulletins we released yesterday and Security Advisory 973472 (vulnerability in Office Web Components). There were several questions about MS09-028 and MS09-032. These security updates addressed two open security advisories (971778 and 972890 respectively). One common question was “if I installed the Fix it workaround in the advisory, do I need to uninstall it before installing the update in the bulletin?”

Microsoft Security Advisory 973472 Released

Monday, July 13, 2009

Hi everyone, this is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain the same user rights as the local user.

More information about the Office Web Components ActiveX vulnerability

Monday, July 13, 2009

We are aware of public attacks on the Internet exploiting a vulnerability in the Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC11). Microsoft has released an advisory with further information available here. What’s the attacking vector? This vulnerability could be used for remote code execution in a “browse and get owned” scenario.

Questions about Timing and Microsoft Security Advisory 972890

Thursday, July 09, 2009

Hi everyone, Mike Reavey here. You’ve probably seen Jerry’s Advance Notification posting today announcing that we’re on track to release an update to address the issue discussed in Microsoft Security Advisory 972890. We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the investigation has taken relative to the outbreak of attacks against this vulnerability.

Microsoft Security Advisory 972890 Released

Monday, July 06, 2009

I wanted to let you know that we have just posted Microsoft Security Advisory 972890 that discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003. Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.

June 2009 Bulletin Release

Tuesday, June 09, 2009

Summary of Microsoft’s monthly security bulletin release for June 2009. Today we released 10 new security bulletins. 6 of those affect Windows with two rated as critical, three rated as important and one as moderate. The remaining four all have an aggregate rating of critical and affect Internet Explorer, Microsoft Office Word, Microsoft Office Excel and Microsoft Works Converters.

Behavior of ActiveX controls embedded in Office documents

Tuesday, March 03, 2009

The Microsoft Office applications (Word, Excel, PowerPoint, etc) have built-in ActiveX control support. ActiveX support allows a richer experience when interacting with an Office document. For example, a document author could use the Safe-For-Initialization Office Web Components (OWC) ActiveX control to retrieve data from an intranet data source. Office applications’ prompting behavior