March 20th, 2011, 20:45 PM
Microsoft urges Office users to block Flash Player attacks
Microsoft yesterday urged users of older Office suites to install and run a complicated tool to protect themselves against ongoing attacks exploiting an unpatched bug in Adobe's Flash Player.
"For users of Office prior to 2010, the Enhanced Mitigation Experience Toolkit (EMET) can help," said Andrew Roths and Chengyun Chu, a manager and security engineer, respectively, with the Microsoft Security Response Center (MSRC). "Turning on EMET for the core Office applications will enable a number of security protections called 'security mitigations'," the pair wrote in a Thursday post to the company's Security Research & Defense blog.
EMET is a tool designed for advanced users, primarily enterprise IT pros, that manually enables ASLR (address space layout randomization) and DEP (data execution prevention) for specific applications. ASLR and DEP are two anti-exploit technologies included with Windows.
On Tuesday, Adobe confirmed that attackers were exploiting an unpatched bug in Flash Player by sending potential victims malicious Microsoft Excel documents.
Full story: Computerworld