We just set the Sunbelt Threat Level to high since our researchers and at least two other major organizations have found in-the-wild exploit code for the most recent Microsoft vulnerability (Microsoft Security Advisory 973472).
Workaround here.
Microsoft’s advisory, posted today, describes a vulnerability in the ActiveX control used by Internet Explorer to display Excel spreadsheets in Microsoft Office versions before Office 2007. It can allow remote code execution.
Since this advisory was just released today, the vulnerability probably will not be fixed tomorrow on “Patch Tuesday.”
It follows last week’s security advisory (972890) warning of vulnerability in the Video ActiveX Control. That also is being actively exploited. The vulnerability allows an attacker to run arbitrary code on affected machine. A patch isn’t expected soon, but a workaround is available here.
Tom Kelchner