Microsoft Issues Security Workarounds for Access Ahead of Patch Tuesday

<a href="http://www.theregister.co.uk/2008/07/08/ms_snapshot_bug_workaround">The Register</a>, <a href="http://redmondmag.com/news/rss.asp?editorialsid=10029#3">Redmond</a>

Jim Manico, OWASP Global Board Member

July 8, 2008

1 Min Read

On the eve of what most are considering to be a low-key Patch Tuesday, Microsoft separately issued a workaround for an ActiveX vulnerability within its Access database program.Specifically, the flaw affects the Snapshot Viewer in Microsoft Office Access 2000, 2002 and 2003, enabling attackers to gain full rights to compromised machines. The Snapshot Viewer stores screen shots of data reports into usable files and can be viewed without running Access.

While it figures out a true fix, Microsoft offered three workarounds to ward off attacks: prevent COM objects from running in Internet Explorer; change settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zone; and set Internet and local intranet security zone settings to ?High? to prompt before running ActiveX Controls and Active Scripting.

Otherwise, today's patches are expected to comprise four important fixes involving Windows Vista, XP/2000/20003, SQL Server and Exchange Server.The Register, Redmond

Read more about:

2008

About the Author(s)

Jim Manico

Jim Manico

OWASP Global Board Member

Jim Manico is a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization. OWASP's mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. OWASP's AppSecUSA<https://2015.appsecusa.org/c/> conferences represent the nonprofit's largest outreach efforts to advance its mission of spreading security knowledge, for more information and to register, see here<https://2015.appsecusa.org/c/?page_id=534>. Jim is also the founder of Manicode Security where he trains software developers on secure coding and security engineering. He has a 18 year history building software as a developer and architect. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. He is the author of Iron-Clad Java: Building Secure Web Applications<http://www.amazon.com/Iron-Clad-Java-Building-Secure-Applications/dp/0071835881> from McGraw-Hill and founder of Brakeman Pro. Investor/Advisor for Signal Sciences.

See more from Jim Manico
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

US Secretary of State Antony Blinken stands at a lectern on a large stage with projection screens everywhere.
Cybersecurity Operations
Blinken: Digital Solidarity Is 'North Star' for US PolicyBlinken: Digital Solidarity Is 'North Star' for US Policy
byKaren Spiegelman, Features Editor
May 7, 2024
3 Min Read
Globe, plane, truck, person, and stack of boxes against a world map
Cyber Risk
Supply Chain Breaches Up 68% Year Over Year, According to DBIRDBIR: Supply Chain Breaches Up 68% YoY (Depending on your Definition)
byNate Nelson, Contributing Writer
May 6, 2024
2 Min Read
thumbnail
Identity & Access Management Security
Microsoft Previews Feature to Block Malicious OAuth AppsMicrosoft Previews Feature to Block Malicious OAuth Apps
byJeffrey Schwartz, Contributing Writer
May 6, 2024
3 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events