Security Update: VBA Vulnerability Makes Office Documents Dangerous

Microsoft has released patches to fix a vulnerability in their Microsoft Visual Basic for Applications (VBA), which ships with all current versions of Microsoft Office. VBA is essentially a programming language that allows developers to make customized applications based on the Office applications. According to the Security Bulletin released by Microsoft regarding this vulnerability, VBA suffers from a memory corruption vulnerability having to do with the way it searches for ActiveX controls in a document that supports VBA. An attacker exploits this by luring a user into downloading a specially-crafted Office document that supports VBA (including Word, PowerPoint and Excel documents) and executing code on the user’s computer, possibly enabling them to take full control over the user’s machine.

3D Corporation will automatically test and deploy security patches on the networks of our 3DProActive™ Managed and Partner clients to eliminate the risks posed by this vulnerability. Other Windows users should download and install the appropriate patches immediately to avoid possible exploitation of their computer and/or computer networks. More information regarding this vulnerability and its impact can be found in Microsoft Security Bulletin MS10-031.

3D provides businesses with up-to-date security solutions that keep networks safe and secure. If you would like additional information on how we can make your network worry-free, please visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call our office at (360) 671-4906.

References: WatchGuard’s LiveSecurity Service Update “VBA Vulnerability Makes Office Documents Dangerous”, Microsoft Security Bulletin MS10-031.