Best Deals of the Week at TigerDirect.com

Welcome to Skylarking!

An Internet and Computer Tech Blog for Computer Users of All Ages, at Home, at School, or in the Office. Your Questions and Comments are Welcome!

Articles and Editor: Robert Saunders of Skylark NetWorks, Merrick, New York 11566.
Add to Technorati Favorites Subscribe to Skylarking by Email Subscribe to Skylarking by RSS News Feed Reader Join Skylarking's Facebook Fan page TwitterCounter for Skylarking

Robert Saunders, Skylark NetWorks Alltop, confirmation that I kick ass Pure Networks

Microsoft Access Warning

Written by Robert Saunders. Jul 08 2008 at 1:52 pm

July 7, 2008, Redmond, WA — Microsoft issued a Security Advisory regarding targeted attacks against users of its Access 2000, Access 2002, and Access 2003 database software.

Access is not commonly found on home computers.  It is more common on business and office computers, and is part of the expensive “Microsoft Office Professional” software suite, which should not be confused with “Windows XP Professional”.

Do I Have Access 2000, 2002, or 2003?
Most home computers do not have Microsoft Access installed on them.  If you are unsure, or if you want to check, do the following:

  1. Click “Start”
  2. Click “Programs” or “All Programs”
  3. Click “Microsoft Office”
    1. If you don’t see Microsoft Office, then you don’t have to go any further; you’re safe.
    2. If you see and click Microsoft Office, but you don’t see Access 2000, 2002, or 2003, then you’re safe, too.

So if you can’t find Microsoft Office and Microsoft Access then you’re safe.  You are also safe if you have Access 95, 97, 98, and 2007. Those versions are unaffected.

What Attack?
The attack affects a flaw in the ActiveX control for the “Snapshot Viewer” for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

How To Avoid It?
Computer users who have one of the affected versions of Access should perform the following actions:

  1. Start Internet Explorer, then click Internet Options on the Tools menu.
  2. Click the Security tab.
  3. Click Internet, and then click Custom Level.
  4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
  5. Click Local intranet, and then click Custom Level.
  6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
  7. Click OK two times to return to Internet Explorer.

Updates?
Every Tuesday evening Microsoft issues Windows Updates and Microsoft Updates to patch flawed software. No patch has been released for the Access problem at this time, and the procedure above is only offered as a workaround until the underlying problem can be solved.

Update: Patched on August 12, 2008

Need more information?

You can also post a question or comment by clicking the link below. You must register in order to leave a comment. Keep up to date with Skylarking by subscribing by RSS News Feed or by Email.

  • Share/Save/Bookmark
1 Comment, Post Another »RSS Subscribe to the comments for this post

Related Posts


Posted on : Jul 08 2008
Tags: , , , , , , , ,
Posted under Alerts, MS Access, MS Office, Microsoft |

1 Trackback(s)

Post a Comment

Enter your email address:

Delivered by FeedBurner

Us Weekly Magazine - Only 99c an issue! Save 75%!
Pure Networks

BlogCatalog.com Visitors