While it figures out a true fix, Microsoft offered three workarounds to ward off attacks: prevent COM objects from running in Internet Explorer; change settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zone; and set Internet and local intranet security zone settings to ?High? to prompt before running ActiveX Controls and Active Scripting.
CommentaryOn the eve of what most are considering to be a low-key Patch Tuesday, Microsoft separately issued a workaround for an ActiveX vulnerability within its Access database program.Specifically, the flaw affects the Snapshot Viewer in Microsoft Office Access 2000, 2002 and 2003, enabling attackers to gain full rights to compromised machines. The Snapshot Viewer stores screen shots of data reports into usable files and can be viewed without running Access.
- Cybersecurity Forecast 2022: Snowpocalypse or cloudy with a chance of rain?
- Preventing Attackers from Navigating Your Enterprise Systems
- Protecting Enterprise Data from Malicious Insiders
- Beyond Patch Management: Next-Generation Approaches to Finding and Fixing Vulnerable Code
- Creating an Encryption Strategy for Your Enterprise