Researchers disagree on attack intensity, but say zero-day ActiveX bug is a big threat

By Gregg Keizer
July 14, 2009 12:14 PM  Computerworld

- Attacks exploiting the latest Microsoft vulnerability are quickly ramping up in quantity and intensity, several security companies warned today as they rang alarms about the developing threat.

Symantec, Sunbelt Software and SANS' Internet Storm Center (ISC) bumped up their warnings yesterday after Microsoft announced that attackers were exploiting a bug in an ActiveX control used by Internet Explorer (IE) to display Excel spreadsheets. There is no patch for the vulnerability, nor will Microsoft release one later today when it issues its July batch of patches. A temporary fix that sets the "kill bits" of the ActiveX control is available, but experts believe it's likely most users won't take advantage of the protection.  [Comments...]