Singapore – Sept. 13, 2007 – Today Microsoft issued information on four new security bulletins, one of which is critical. The following summary provides Symantec’s evaluation of the critical issue.
Vulnerability in Microsoft Agent ActiveX control
Symantec Security Response rates the remote code execution vulnerability in Microsoft Agent ActiveX as critical since ActiveX controls run on a significant number of systems. Consumers and enterprise users using Microsoft Windows 2000 are susceptible to exploits if they visit a malicious Web page. A successful exploit could allow an attacker to install malicious code of his/her choice and potentially allow the attacker to gain complete control of the affected system.
“Symantec has observed a significant increase in ActiveX vulnerabilities this year,” said Ben Greenbaum, senior research manager, Symantec Security Response. “Attackers are targeting trusted Web brands, such as social networking sites, and then waiting for their victims to come to them so they can exploit the vulnerability and gain access to the individual’s computer. Due to the availability of public proof-of-concept code, we also think the MSN Messenger and Windows Live Messenger vulnerability is a high urgency issue.”
Symantec recommends the following actions for IT administrators in response to all of the Microsoft security bulletins:
Symantec recommends the following actions for consumers:
Additional information will be available on Symantec’s Security Response Blog shortly at: http://www.symantec.com/enterprise/security_response/weblog/
Additional information on Microsoft’s security bulletins can be found at: http://www.microsoft.com/technet/security/bulletin/ms07-sep.mspx
Symantec’s security experts will closely monitor these vulnerabilities and will provide updates and security content as necessary. Please let me know if you have any questions or if you are interested in speaking with a Symantec expert about any of the Microsoft security bulletins.
Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information and interactions by delivering software and services that address risks to security, availability, compliance and performance. Headquartered in Cupertino, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.
Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.