Results 1 to 5 of 5
  1. #1
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Microsoft has received reports of exploits on the web that allow the takeover of your computer if you have the Office Web Controls (OWC) installed. Generally speaking, if you have ever installed Office XP or Office 2003, there's a good chance you have them.

    The exploits run in IE with low to medium security, but not with high security because high security disables ActiveX controls.

    To update your registry so that web sites are blocked from using the spreadsheet control, you can get a little "fixit" program from Microsoft.com here: Microsoft Security Advisory: Vulnerability in Microsoft Office Web Components control could allow remote code execution (MSKB 973472). (Assuming Microsoft is able to patch the control later, you can return to that same page and download the tool that unblocks it again.)

    ATTENTION WEBMASTERS: If you operate a web site that depends on an embedded spreadsheet control, the distribution of this "fix" may impact the usability of your site. It would be a good idea to test that.

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Thanks! I seldom encounter web pages with embedded spreadsheets, but I've installed the Fix-It to be on the safe side.

  3. #3
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Hah! Now that the problem has been fixed (hopefully) in the August 2009 updates, they have removed both the Fix-It AND the tool to undo that...

    I wonder whether the update undoes the Fix-It...

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    [quote name='HansV' post='788981' date='14-Aug-2009 07:23']Hah! Now that the problem has been fixed (hopefully) in the August 2009 updates, they have removed both the Fix-It AND the tool to undo that...

    I wonder whether the update undoes the Fix-It...[/quote]
    I doubt that an update would remove a kill bit. I'm submitting some appropriate feedback on that MSKB page.

  5. #5
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    [quote name='HansV' post='788981' date='14-Aug-2009 15:23']Hah! Now that the problem has been fixed (hopefully) in the August 2009 updates, they have removed both the Fix-It AND the tool to undo that...

    I wonder whether the update undoes the Fix-It...[/quote]

    I cunningly downloaded both when I installed the Fix-it, but I haven't run Fixit50292 yet!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •