Alert Number: 071309-01
Alert Date: 07/13/09
Alert Title: *UNPATCHED* vulnerability in Microsoft Office Web Components
Update-to: None
OS/Platform/Application:
Microsoft Office (XP and 2003)
Category: ALERT
Severity: HIGH
Attention: Windows users, System Administrators, Desktop Support Personnel
Summary: Microsoft has released a security advisory for a recently discovered vulnerability in its Office Web Components. The most likely mechanism of exploitation is the viewing of a maliciously crafted website or Office document. Numerous Internet security resources (as well as Microsoft) are reporting that the vulnerability is currently being actively exploited on the public Internet.
At the time of this writing (11:55 AM 7/13/09), no patch has been made available for the vulnerability, but Microsoft has provided a workaround to limit the exposure of vulnerable computers.
Recommended Actions: Microsoft has provided an automated "Fix it for me" method of implementing the workaround (best for end users) as well as instructions for manual installation (ideal for system administrators). Windows users and administrators are encouraged to consider implementing the most appropriate workaround method at their earliest convenience. Information on the workarounds is available in the Security Advisory (links provided below). Users are cautioned not to click on web links enclosed in emails, instant messages, etc., and to use extreme caution in viewing untrusted websites or Office documents until the workarounds or patches are installed on their computers.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
Microsoft Knowledge Base article (includes links for workarounds):
http://support.microsoft.com/kb/973472
Microsoft Security Advisory (provides detailed explanation of vulnerability):
http://www.microsoft.com/technet/security/advisory/973472.mspx
Microsoft TechNet Blog entry (provides additional details and information):
http://blogs.technet.com/msrc/archive/2009/07/13/microsoft-security-advisory-973472-released.aspx