Tuesday, July 14, 2009

Microsoft warns of new Office Web Components vulnerability

Microsoft issued an advisory Monday, warning of a new vulnerability in Office Web Components being actively targeted by attackers.The Office Web Components allow users to view spreadsheets, charts and databases on the Web. Microsoft said the vulnerability is in the Spreadsheet ActiveX Control, which is used by Internet Explorer (IE) to display the data in the browser. It is remotely exploitable when a person browses with IE and visits a malicious website. If successfully exploited, an attacker could gain the same user rights as the local user and gain complete control of a system, Microsoft said.

Read more about this at:

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1361617,00.html?track=sy160


Cloud-based security services should start private

Many early stage cloud vendors have it backwards when it comes to offering cloud-based services. They implement Software as a Service (SaaS) first to demonstrate their vision and then develop enterprise integration features. But the right way to go about it is to support corporate clouds in early product releases.

IT is typically conservative about business risk and likes to retain control over sensitive data and applications. Security SaaS vendors may be better served by allowing IT to start by hosting its own private cloud service, integrated with existing data repositories and administrative systems and then provide a path to the full cloud application environment.

Read more about this at:

http://searchsecurity.techtarget.com/news/column/0,294698,sid14_gci1361637,00.html?track=sy160