Microsoft has posted Security Advisory 9737472 to warn its users that it is responding to a privately reported flaw in Microsoft Office Web Components (OWC) that hackers are actively attempting to exploit. The vulnerability could allow for an attacker to gain the same user rights as the local user. To make matters worse, if the user is using Internet Explorer, code execution is remote and therefore may not require any user intervention. The list of Office software that this affects is as follows: Office XP, Office 2003, Office XP Web Components, Office 2003 Web Components, Internet Security and Acceleration Server 2004, Internet Security and Acceleration Server 2006, and Office Small Business Accounting 2006. The company also noted that it is currently working on a security update for Windows to address the flaw and will release it broadly once it has reached an appropriate level of quality.

Click here to read the rest of this article