The SANS Internet Storm Center has raised its alert level to
"yellow" in response to Microsoft Security Advisory 973472:
http://isc.sans.org/diary.html?storyid=6778
http://support.microsoft.com/kb/973472
http://www.microsoft.com/technet/security/advisory/973472.mspx
The Microsoft Office Web Components allow remote code execution
through an ActiveX control instantiated for Excel. The
vulnerability is being actively exploited on web sites for
drive-by download infections.
No patch yet, but workarounds include:
* use a non-ActiveX browser such as Firefox
* set kill bits for two more CLSIDs (see above)
The KB article links to a tool end users can run; in Active Directory domains, the registry changes can
be pushed via Group Policy.
Monday, July 13, 2009
Microsoft Excel security vulnerability
I don't publish these too often, but this is a fairly significant threat, especially because it is being actively exploited.