Microsoft's suggested workarounds can help thwart targeted attacks against the ActiveX control for Snapshot Viewer.
While users await a patch for a flaw in the ActiveX control for the Snapshot
Viewer for Microsoft Office Access, Microsoft has suggested a number of
workarounds to dodge the problem.
Microsoft officials reported July 7 that they are investigating targeted
attacks that take advantage of a bug in the ActiveX control for Snapshot Viewer
that can be exploited via a maliciously crafted or compromised Web page. When a
user views the Web page, the vulnerability could permit the attacker to execute
code and gain user rights on a compromised system. The vulnerability only
affects the ActiveX control for the Snapshot Viewer for the Microsoft Office
Access 2000, 2002 and 2003 versions.
Among the simpler answers is to configure Internet Explorer to generate
prompts before running Active Scripting or disable Active Scripting altogether
in the Internet zone and the Local intranet zone. Likewise, IE can be
configured to prompt before running ActiveX controls. In both cases, users can
add sites they trust to a list of known good sites that will not generate the
"Many Web sites that are on the Internet or on an intranet use Active
Scripting to provide additional functionality," Microsoft researchers
wrote in the advisory. "For example, an online e-commerce site or banking
site may use Active Scripting to provide menus, ordering forms or even account
statements. You will be prompted frequently when you enable this workaround."
US-CERT also included instructions on disabling the ActiveX control for
Snapshot Viewer by setting the kill bit to certain CLSIDs (class identifiers)
in the Microsoft advisory.
Since successful exploitation of the attack would allow the hacker to gain
the same user rights as the local user, the impact of an exploit can be limited
by minimizing user rights. In addition, Internet Explorer on Windows Server
2003 and Windows Server 2008 runs in a restricted mode known as Enhanced
Security Configuration that sets the security level for the Internet zone to "High"
"Although these workarounds will not correct the
underlying vulnerability, they help block known attack vectors," wrote
Microsoft Security Response Communications Manager Bill Sisk in a blog post. "While
the attack appears to be targeted, and not widespread, we are monitoring the
issue and are working with our MSRA partners to help protect customers."