Office, the best-selling desktop applications suite, has already been been hit by cyber-criminals – and could be hit again, if users don't take appropriate precautions.
That's the message today from the headquarters of Microsoft, which makes the Office software. The problem is rooted in ActiveX, a type of plug-in component that helps Web sites launch content-rich pages. This particular ActiveX plug-in facilitates the transfer of spreadsheets between the browser Internet Explorer and a variety of Office applications.
In a security bulletin, Microsoft said it had made available a temporary fix for the problem, which users must manually download to help prevent their PCs from attack. The company did not reveal how many machines had been hacked.
"Despite today's fixes, Windows users continue to be under attack. Microsoft is taking two steps forward, while attackers are putting it one step back," Dave Marcus, McAfee Inc's Avert Labs director of security research, told Reuters.
On its website, Microsoft said the vulnerability could "allow remote code execution" – meaning hackers could gain control of one or more computers through the Web. In a worst case scenario, a score of computers might be linked together in a botnet, and used to collect wide swaths of user data.