Good Evening,

For those of you who are not already aware, CCIP would like to bring to your attention Microsoft Security Advisory 973472, which was released today:

http://www.microsoft.com/technet/security/advisory/973472.mspx

CCIP is bringing this to your attention as this vulnerability has been reported as being actively exploited in the wild.

Microsoft have announced a vulnerability in Microsoft Office Web Components Control that allows remote code execution. This is reported to affect the following software:

Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office XP Web Components Service Pack 3
Microsoft Office 2003 Web Components Service Pack 3
Microsoft Office 2003 Web Components for the 2007 Microsoft Office System Service Pack 1
Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
Microsoft Internet Security and Acceleration Server 2006
Internet Security and Acceleration Server 2006 Supportability Update
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
Microsoft Office Small Business Accounting 2006

MITIGATION

Microsoft is working on a security update for this; until it is released, administrators are advised to take the following mitigation steps immediately.

There is currently no patch to correct this issue. However, you can set the kill-bit to mitigate this vulnerability.

Microsoft have provided a way to automatically implement the workaround by following the instructions under "Fix It For Me" in the following Knowledge Base article:

http://support.microsoft.com/kb/973472

Alternatively, the following quoted text can be included in a .REG file and imported into your registry.
---BEGIN QUOTE---
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400
---END QUOTE---

The following article describes how to deploy the fix using Active Directory:

http://technet.microsoft.com/en-us/library/bb457006.aspx

There is also a writeup on Microsoft's Security Response Centre Blog:

http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory...

Regards,
The CCIP Team

--
Centre for Critical Infrastructure Protection
Government Communications Security Bureau
P: +64 4 498 7654
F: +64 4 498 7655
E: info(a)ccip.govt.nz
I: www.ccip.govt.nz
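
To confirm the workaround took effect on a host, the following PowerShell check reads back the two CLSID keys from the .REG file above. It is an added example, not part of the CCIP advisory or Microsoft's own tooling; the Wow6432Node path (the 32-bit registry view on 64-bit Windows) is an assumption not taken from the advisory.

```powershell
# Added example: audit the kill bit for the two CLSIDs listed in the advisory.
$Clsids = @(
    '{0002E541-0000-0000-C000-000000000046}',
    '{0002E559-0000-0000-C000-000000000046}'
)
$KillBit = 0x400   # "Compatibility Flags" value used in the advisory's .REG file

# Native registry view, plus the 32-bit view on 64-bit Windows
# (assumption: the second path is not mentioned in the advisory).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

$results = foreach ($root in $Roots) {
    # Skip the 32-bit view on systems that do not have one.
    if ($root -like '*Wow6432Node*' -and
        -not (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node')) { continue }

    foreach ($clsid in $Clsids) {
        $key   = Join-Path $root $clsid
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $flags = $prop.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Key        = $key
            Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '(not set)' }
            # Test the bit rather than comparing for equality: other
            # compatibility flags may legitimately be set on the same value.
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        }
    }
}

$results | Format-Table -AutoSize

# Non-zero exit code if any checked key is missing the kill bit,
# so the script can be used from a login script or inventory job.
if ($results | Where-Object { -not $_.KillBitSet }) { exit 1 }
```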