Hackers hammering at unpatched Office flaw

July 7th, 2008

Microsoft has issued details on how to plug a flaw in Office 2000, Office 2002 and Office 2003 that hackers have started hammering.

The flaw relates to an ActiveX control called Snapshot Viewer. According to Microsoft attacks are "limited, targeted attacks" but things could change.

So, enough of the theory, what can you do to protect yourself? Here are a few suggestions:

  • Use a browser other than Internet Explorer (such as Firefox or Opera)
  • Prevent the ActiveX control from running. Paste the following into Notepad, save it on your desktop (called it patch.reg - make sure that it has the .reg file extension) and then run the file by double-clicking on it:Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}]
    "Compatibility Flags"=dword:00000400
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}]
    "Compatibility Flags"=dword:00000400
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F2175210-368C-11D0-AD81-00A0C90DC8D9}]
    "Compatibility Flags"=dword:00000400

This entry was posted on Monday, July 7th, 2008 at 21:40 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.