Microsoft warns of ActiveX vulnerability in Access
By Nicole Kobie,
Microsoft has issued a warning that its Office Access database software is vulnerable to web attack through the ActiveX control for the Snapshot Viewer.
If a user were lured to an attacker’s web page, the vulnerability could let remote code be executed. That could leave the attacker with the same rights as the logged-on user, Microsoft said.
The problem affects the ActiveX control for the Snapshot Viewer – which lets users view a report snapshot – in Microsoft Office Access 2000, 2002 and 2003.
Microsoft has yet to issue a security patch for the vulnerability, but said that by setting a kill bit – changing the necessary registry setting – users can ensure ActiveX control is never loaded by Internet Explorer. “Setting the kill bit makes sure that even if a vulnerable component is introduced or is re-introduced to a system, it remains inert and harmless,” Microsoft said in its security warning.
For more on that fix and the other recommended workarounds, you can view the advisory here.
Microsoft is set to issue its monthly patch update tomorrow, with just four non-critical fixes expected.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
Do British police get cyber security?
Davey Winder listens to telephone conversations between the FBI and the Metropolitan Police, courtesy of Anonymous, and isn't impressed.
- Who to trust after the VeriSign hack?
- Striving to solve the security skills crisis
- Would you employ a hacker or malware writer?
- Q&A: Raj Samani, CTO McAfee
- Erase and rewind: the EU and privacy
- My email address is [CENSORED]
- Is there such a thing as a secure tablet?
- 2011: The year in news
- BYOD: Old or new, good or bad?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- Ubuntu vs. Windows 7 on the business desktop
- York researchers heat storage to speed up data
- OneNote hits Google?s Android
- O2 trials Olympic-scale remote working
- Who to trust after the VeriSign hack?
- Lenovo beats expectations again
- BlackBerry Bold 9790 review
- Will someone rid me of these troublesome Macs?
- Google to promise fairness after Motorola buy
- Welcome to the stay-at-home Olympics
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
