It seems like just the other day when Microsoft started getting hit by a not-actually-zero-day-vuln in IE through an ActiveX control for video.  Why not actually?  Because the bug was actually reported to Microsoft ages back, but Microsoft just didn’t feel like releasing any patches.

Well, Microsoft has been hit again.  Yes, in IE.  Yes, in yet another ActiveX control.

This time it’s not video though, it’s Office Web Components.  Yipee!  The vulnerability is in an ActiveX control used to display Excel spreadsheets on web pages.  Attacks are supposedly happening in China, but could hit people anywhere else any day now.

Of course I’m not exactly sure just why someone would be looking at an Excel spreadsheet in Internet Explorer when there’s, you know, Excel.  But hey.  It’s a security hole.  If you use IE, then you’re potentially at risk.  Although it’s been said that Vista’s increased security features do actually board up the security hole in this case.

It’s particularly concerning however since it seems a little too close to Patch Tuesday to have a fix.  So it’ll be at least a month until we see a patch.

So be warned.  Be wary.

And for goodness sake Microsoft, give us some patches already!