Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Microsoft Office OneNote Vulnerability Allows Code Execution

Severity: High

9 September, 2008


Summary:

§ These vulnerabilities affect: Current versions of Microsoft Office for Windows (not for Mac)

§ How an attacker exploits them: By enticing one of your users to click a malicious link

§ Impact: An attacker can execute code, potentially gaining complete control of your computer

§ What to do: Install the appropriate Office patches immediately

Severity: High

9 September, 2008


Summary:

§ These vulnerabilities affect: Current versions of Microsoft Office for Windows (not for Mac)

§ How an attacker exploits them: By enticing one of your users to click a malicious link

§ Impact: An attacker can execute code, potentially gaining complete control of your computer

§ What to do: Install the appropriate Office patches immediately

Exposure:

Today, Microsoft released a security bulletin describing a vulnerability in the Office OneNote component that ships with current versions of Microsoft Office. OneNote is a digital notebook that allows you to gather all your notes in one place for easy management, searchability, and corroboration. According to Microsoft, OneNote suffers from an unspecified “validation error” involving the way it handles specially crafted links containing the “onefile://” URI. By enticing one of your users to click on such a link, an attacker can exploit this flaw to execute code on that user’s computer, with that user’s privileges. Like most Windows flaws, if your user has administrative rights, the attacker can leverage this attack to totally take over that user’s machine.

Solution Path

Microsoft has released patches for Office to correct all of these vulnerabilities. You should download, test, and deploy the appropriate patches throughout your network immediately.

§ Office XP

§ Office 2003

§ 2007 Microsoft Office System

§ Office OneNote 2007

For All WatchGuard Users:

Your users may encounter the malicious links used to trigger this flaw during normal Web browsing. The patches above are your primary recourse.

Status:

Microsoft has released Office updates to fix these vulnerabilities.

References:

§ MS Security Bulletin MS08-055

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 23 December 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...