Most Popular
| Top Stories | Commented | Featured |
ATI Radeon HD 5570 Review featured
TechSpot's PC Buying Guide: Always up to date! featured
Weekend tech reading: Microsoft to patch 17-year-old bug
Steam weekend sale: Far Cry Complete for $14.99
Windows 7 overtakes Vista among enthusiasts, plus other interesting trends
Microsoft rumored to showcase Windows Mobile 7 next week with Zune-like interface
TS Community
| User Gallery | Recent Discussion |
 3DMark Vantage by dustin_ds3000 |  Custom Quiet Fan Mount by Technochicken |
 My Axes by Nick Lee |  100_1275 by magaman598 |
TechSpot RSSIndustry News
Fresh Microsoft Office security problems found
Another office security flaw, eh? Well, at least they are finding them (well, Secunia is anyway.) Yes, once again Microsoft is looking into the possibility of there being an unpatched flaw in its Office software suite, the result of which could be to invite hackers to remotely access users' systems. Currently filed under the category of "highly critical" from IT security firm Secunia, the flaw was not addressed in the recent updates from Microsoft.
The unpatched flaw exists in Microsoft's Jet Database Engine, which can be exploited to execute arbitrary code by tricking users into opening a specially designed ".mdb" file in Microsoft Access, according to the Secunia advisory.
Exploit code for the vulnerability has already been posted to a public mailing list, the security company warns.
Microsoft believes that these sorts of things should be reported to the vendor first; any posting to a public mailing list carries the risk of the flaw being made into an exploit and used. Secunia has said that that was exactly what happened, and that Microsoft took no notice.
Secunia says the flaw was first reported by security firm HexView. HexView says it notified Microsoft of the vulnerability on March 30 and received no response. The software vendor declines to comment on the notification claim.
The unpatched flaw exists in Microsoft's Jet Database Engine, which can be exploited to execute arbitrary code by tricking users into opening a specially designed ".mdb" file in Microsoft Access, according to the Secunia advisory.
Exploit code for the vulnerability has already been posted to a public mailing list, the security company warns.
Microsoft believes that these sorts of things should be reported to the vendor first; any posting to a public mailing list carries the risk of the flaw being made into an exploit and used. Secunia has said that that was exactly what happened, and that Microsoft took no notice.
Secunia says the flaw was first reported by security firm HexView. HexView says it notified Microsoft of the vulnerability on March 30 and received no response. The software vendor declines to comment on the notification claim.
