Subscribe to Security and ISM News

« | Home | »

Severe Remote Code Execution Vulnerability in Windows

By Liam Reimers | July 15, 2009

On Monday, July 13, Microsoft published a security advisory that describes a flaw in Microsoft Office Web Components that could allow an attacker to take over your PC just by visiting a web page in Internet Explorer or opening an HTML email in Outlook, Outlook Express, or any client that utilizes the Microsoft HTML rendering engine. This affects your Windows PC even if you don’t have Microsoft Office installed, and even if you have all the latest updates and service packs from Microsoft. In other words, everyone is vulnerable!

There are already confirmed cases of this ActiveX exploit being used on the World Wide Web, but even more dangerous, you could be vulnerable to it just by opening an email in Outlook or Outlook Express. If you have configured your email program to block the execution of ActiveX and Active Scripting controls, you could still be vulnerable if you click a link that takes you to an external web page that contains an attack using this vulnerability.

Microsoft plans to deploy a critical security update to repair the problem, however, until that happens, your computer is vulnerable to being taken over. Microsoft has issued a temporary workaround for the problem, and the Security Desk recommends that all its customers run this fix immediately to protect your computer from attackers.

Please visit this link right away and apply the fix by clicking the “Fix It” icon:
Knowledge Base Article (and Fix): http://support.microsoft.com/kb/973472

Related Link:
Security Advisory: http://www.microsoft.com/technet/security/advisory/973472.mspx

Topics: Windows Security News