Microsoft Security Advisory 973472 Released

Security Advisory 973472 relates to a Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution. As with other "remote code execution" vulnerabilities, if exploited, the attacker could could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. Microsoft is aware of attacks attempting to exploit the vulnerability.

You can prevent the Microsoft Office Web Components from running in Internet Explorer either manually, using the instructions in the Workaround section of the security advisory, or automatically, using the solution found in Microsoft Knowledge Base Article 973472. I recommend home users with "affected software" use the Fix it Solution in Microsoft Knowledge Base Article 973472.

Affected software:

• Microsoft Office XP Service Pack 3
• Microsoft Office 2003 Service Pack 3
• Microsoft Office XP Web Components Service Pack 3
• Microsoft Office 2003 Web Components Service Pack 3
• Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1
• Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3
• Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3
• Microsoft Internet Security and Acceleration Server 2006
• Internet Security and Acceleration Server 2006 Supportability Update
• Microsoft Internet Security and Acceleration Server 2006 Service Pack 1
• Microsoft Office Small Business Accounting 2006

Microsoft is currently working to develop a security update for all affected software listed above and will release the update when it has reached an appropriate level of quality for broad distribution.




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...