Symantec: Microsoft Access ActiveX attacks will intensify

An easy-to-use toolkit used to hack computers has now been updated to take advantage of an unpatched security vulnerability in Microsoft's software.

An easy-to-use toolkit used to hack computers has now been updated to take advantage of an unpatched security vulnerability in Microsoft's software, which could mean attacks will intensify, according to vendor Symantec.

The Neosploit toolkit is one of several on the Internet that can be used by less-technical hackers to compromise machines. Symantec said it has detected on its network of Internet sensors that Neosploit can take advantage of a vulnerability revealed early last week in Microsoft's Access database program.

"Further analysis of these honeypot compromises has revealed that the exploit has been added to a variant of the Neosploit exploit kit, it will very likely reach a larger number of victims," according to an entry on the company's ThreatCon advisory board.

Microsoft hasn't patched the bug yet, and the company just issued its patches for the month on July 8. The vulnerability is within the Snapshot Viewer ActiveX control, which launches a viewer for Microsoft Access reports that doesn't require running the Access software itself.

The vulnerability poses a special danger since the ActiveX control is digitally signed by Microsoft, which means that people who have Internet Explorer configured to trust ActiveX controls with that designation would run it automatically if encountered on a Web page.

Some of the Web pages that have already been hacked with automated SQL injection attacks earlier this year are also hosting the Microsoft Acess attack, according to Symantec's Sean Hittel.

"As is the case with most of these ActiveX attacks, they are being served by traditional Web sites that have themselves fallen victim to automated SQL injection attacks," Hittel wrote on a Symantec forum. "In the past, we have seen government, commercial, and hobby sites fall victim to these SQL injection attacks and subsequently begin serving exploits to each of their visitors."

The problematic viewer accompanies all supported versions of Microsoft Office Access except Microsoft Access 2007,

Microsoft has offered suggestions in a security advisory to prevent attacks until a patch is available.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?