Wednesday, August 12, 2009

Microsoft fixes Office Web Components vulnerability, kill-bit bypass

Microsoft repaired critical Office Web Components vulnerabilities being actively exploited in the wild since they were first acknowledged by the software giant last month. 

Microsoft also released an additional critical update to repair ActiveX vulnerabilities in its Active Template Library. The errors enable an attacker to bypass kill-bits, a feature commonly deployed by Microsoft to block attackers from exploiting complex interoperability vulnerabilities without addressing the underlying flaw. 

In all, Microsoft issued nine security updates Tuesday, including six rated critical, affecting Windows and Office Web Components.

No comments: