Monday, March 21, 2011

Microsoft Urges Users to Block Flash Player Attacks

Microsoft is now urging its users of older Office suites to install and run a complicated tool to protect themselves against ongoing attacks exploiting an unpatched bug in Adobe's Flash Player. Andrew Roths and Chengyun Chu, a manager and security engineer with the Microsoft Security Response Center, say that the Enhanced Mitigation Experience Toolkit (EMET) would help for users of Office prior to 2010. Turning on the EMET will enable a number of security protections called, security mitigations. It is a tool that is designed, usually, for advanced users (such as IT pros) that manually enables address space layout randomization (ASLR) and data execution prevention (DEP), and they are both anti-exploit technologies included with Windows

Adobe has confirmed that attackers were exploiting an unpatched bug in Flash player by sending victims malicious Microsoft Excel documents. Office suites prior to 2010 are only being attacked because the version of Excel that came with Office 2010 has DEP enabled and is not susceptible to attacks. The current attacks do not bypass DEP. Excel 2010 also protects the users by isolating these infected files inside Office 2010's "Protected View". This is a "sandbox" that prevents attacking code from getting out of the application and infecting other areas. Those who use Office 2003 and 2007 are not protected by Protected View or DEP. Microsoft has recommended EMET before. EMET 2.0 can be downloaded for free from Microsoft's site, and after downloading this, users can manually configure the tool to add protection to Office's applications.

Most people think that most attacks and issues usually occur in applications from the Internet, or that you manually download and install onto your computer, that may sometimes not always be trusted. Usually, you can trust the products, especially from Microsoft, in that your computer would not get attacked in such a way. Atleast Microsoft has provided a free download to help prevent these problems from happening again. Adoble plans on fixing Flash Player's vulnerability sometime soon, though.

Article Name: Microsoft Urges Office Users to Block Flash Player Attacks
by: Gregg Keizer
http://www.computerworld.com/s/article/9214795/Microsoft_urges_Office_users_to_block_Flash_Player_attacks?taxonomyId=17

No comments:

Post a Comment