US-CERT: Attackers targeting Microsoft Access files

Online criminals are exploiting a flaw in the Microsoft Office Access database to install unauthorized software on computers, the U.S. Computer Emergency Readiness Team (US-CERT) warned in a brief warning on Monday. US-CERT offered few details on the attack, saying simply that the organization is “aware of active exploitation” of the problem by criminals who have sent specially crafted Microsoft Access Database (.mdb) files to victims. These files are “designed for the sole purpose of executing commands,” so they should not be accepted from un-trusted sources, Microsoft said in a note on its Web site. The senior manager for Symantec Corp.’s security response expressed surprise at the attacks as .mdb files “are not something that the average user would come across on a daily basis…” and they “are blocked by default in most installations of Internet Explorer and Outlook Express.”

Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9052538&source=rss_topic17