
Monthly Archives: July 2009

Several bugs have resulted in released patches. Others are coming soon, and some much later.

* Firefox (3.5.x was released…and now 3.1.12 for those who didn't go to 3.5.x)
* Adobe Flash (zero day…patch will be in their normal release cycle…7 days away…this is already being exploited on the internet)
* Chrome (if you use it, it was patched last week)
* Microsoft (various vulnerabilities were patched last week, more are coming Tuesday in an Out-Of-Band release)

A vulnerability was reported yesterday in Microsoft Office Web Components that could allow remote code execution. There is no patch for this yet (even with the patches that were released today).

Office Web Components are Component Object Model (COM) controls that are used for displaying spreadsheets, charts, and the like in web pages. This vulnerability exists in the ActiveX control that is used by Internet Explorer.

This particular vulnerability is discussed in MS Security Advisory 973472 (http://www.microsoft.com/technet/security/advisory/973472.mspx). In very quick order, the vulnerability was being actively exploited on the internet. It allows an attacker to execute code of their choice. Since this is done remotely, no user intervention is needed. The code runs with the rights of the user that is signed on to the machine. Unfortunately, most users use computers with administrative rights.

Microsoft has made a workaround available that can be found here: http://support.microsoft.com/kb/973472. There is a link that will temporarily resolve the problem for users, until a patch is released by Microsoft. Click on the "Fix It" graphic on the web page.

All current versions of Microsoft Office are affected. MS Office 2k SP3 is not affected, but it is not supported. The following ISA versions are also affected by the vulnerability:
* Microsoft Internet Security and Acceleration Server 2004 Standard Edition SP3
* Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition SP3
* Microsoft Internet Security and Acceleration Server 2006
* Internet Security and Acceleration Server 2006 Supportability Update
* Microsoft Internet Security and Acceleration Server 2006 SP1
 
According to the Internet Storm Center (isc.sans.org), they are already seeing evidence of this vulnerability being actively exploited on web sites and in documents with embedded HTML code.

Numerous domain names are popping up on the internet to take advantage of this exploit. With this being so new, it is reasonable to expect many more. To mitigate the exploit, make sure your AV is VERY up to date, consider using third party DNS servers, and definitely consider using restricted rights accounts on your PC (how silly would it be if the administrator account got infected).