Microsoft warns of ActiveX attack
Published: 2008-07-08

Microsoft warned Microsoft Office customers on Monday to beware of an attack using a flawed ActiveX control for the Snapshot Viewer component of Microsoft's Access database software.

The company stated in an advisory issued on Monday that customers had reported targeted attacks using malicious Web pages to exploit the vulnerability. The software giant has begun investigating the issue and has recommended three methods of hardening Internet Explorer and vulnerable versions of Office against the attack.

"We encourage affected customers to implement the manual workarounds included in the Advisory, which Microsoft has tested," Bill Sisk, security program manager for Microsoft, said in a blog post. "Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors."

Exploiting vulnerabilities in Microsoft Office has become a favored method of attackers aiming to compromise specific computers. Such targeted attacks have increasingly become a threat to companies and government agencies, since computer-emergency response organizations flagged the attacks in 2005. Many of the attacks come from servers based in China, and while some targets of the attacks suggest that Chinese interests are directing the intrusions, experts caution that finding the ultimate source of online activity is nearly impossible.

Microsoft recommends that users prevent COM objects from running in Internet Explorer, restrict ActiveX components from running in Internet Explorer, or set Internet and local intranet settings to "High" in Internet Explorer.

The vulnerable ActiveX control appears to be present in the Access database software that ships with Microsoft Office 2000, 2002, and 2003, Microsoft stated.

Posted by: Robert Lemos
Copyright 2008, SecurityFocus