
[News] Microsoft's Anti-competitive Software Puts Cisco and Adobe at the Stake


Adobe and Cisco extensions vulnerable to Microsoft's ATL problems

,----[ Quote ]
| Microsoft's ATL problem is spreading. Many other software vendors are 
| affected, among them Adobe and Cisco. The total number of vendors with 
| vulnerable controls is currently unclear. In an interview with heise 
| Security, Microsoft executive Andrew Cushman confirmed that it is not known 
| how many ActiveX controls are affected. Cushman said this is the first time a 
| Microsoft library has been affected by a security problem. According to the 
| executive, Redmond appreciates that this patch not only affects corporate IT 
| teams, but also requires action from software developers.       


“At Microsoft I learned the truth about ActiveX and COM and I got very
interested in it inmediately [sic].”

                                        --Miguel de Icaza

The latest Flash vulnerability and monoculture

,----[ Quote ]
| This highlights an unfortunate instance of monoculture -- nearly everyone on 
| the internet uses Flash for nearly all the video they watch, so just about 
| everyone in the world is using a binary module from a single vendor day in, 
| day out.   



Second unpatched ActiveX bug hits IE

,----[ Quote ]
| Scallywags are using an unpatched vulnerability in an ActiveX component to
| distribute malware, Microsoft warned on Monday. The development adds to
| already pressing unresolved Internet Explorer security bug woes.
| No patch is available for the Office Web Components ActiveX security hole,
| although there are workarounds which can be automated for enterprise
| rollouts. The flawed component is used by IE to display Excel spreadsheets,
| greatly increasing the scope for mischief. Win XP and Win 2003 systems are
| particularly at risk, while the additional security controls in Vista cover
| Microsoft's modesty.


Microsoft Keeps Beating a Dead Browser

,----[ Quote ]
| The question is why? If the destination is what matters, why does Microsoft
| care so deeply what browser people use to get there? Maybe this: Unless Bing
| is the browser's default search engine, no one will go there after the
| novelty wears off. That's probably enough to make anyone at Microsoft lose
| their lunch.


ActiveX Regulations in South Korea (revisited)

,----[ Quote ]
| ActiveX control is widely used by Internet Explorer to load applications or
| components in Windows. It’s a useful piece of control, but is not without
| issues. In fact, ActiveX is known for security problems.
| Despite security short-comings, ActiveX had been welcomed into the community
| and flourished. Surprisingly, more so in banks where security is a top
| priority. Believe it or not, ActiveX is so widely used that the South Korean
| government decides to make it compulsory for all banks to have it.
| Other major browsers have resisted supporting ActiveX. Until now. Google
| Chrome has now decided to support ActiveX, but only in South Korea.


ActiveX bugs pose threat to Vista, Microsoft reports

,----[ Quote ]
| Although computers running Windows Vista are significantly less likely to be
| infected with attack code than machines running Windows XP, the newer
| operating system continues to be threatened by Microsoft Corp.'s own ActiveX
| browser plug-in technology, according to a report issued Monday by the
| company.


Microsoft probing ActiveX attacks targeting Access feature

,----[ Quote ]
| The vulnerability only affects the ActiveX control for the Snapshot Viewer
| for Microsoft Office Access 2000, 2002 and 2003.


Report: ActiveX, QuickTime are buggiest browser plug-ins

,----[ Quote ]
| Microsoft's technology, primarily used to create add-ins for Internet
| Explorer, accounted for 79 per cent of the 239 plug-in bugs discovered
| between July and December 2007, Symantec said.  


New Attack Kit Targets Bag of ActiveX Bugs

,----[ Quote ]
| Bugs in ActiveX, a Microsoft technology used most often to create add-ons for
| the company's Internet Explorer (IE) browser, have always been common, but so
| many serious flaws have been disclosed of late that some security experts
| have recommended users do without them.  


Be prepared: ActiveX attacks will persist

,----[ Quote ]
| A recent string of high-profile ActiveX vulnerabilities caused the U.S.
| Computer Emergency Readiness Team (US-CERT) to advise users to disable the
| ubiquitous Microsoft browser plug-in technology altogether.  


Will Microsoft Change How ActiveX Runs in IE 8?

,----[ Quote ]
| Some security experts, like Will Dormann, a vulnerability analyst at the
| Carnegie Mellon Software Engineering Institute CERT/CC, are calling for
| ActiveX to be disabled from running by default in IE 8.  
| Dormann is telling IE users that they should, from a security perspective,
| disable ActiveX controls from running by default. "It would be nice if this
| is something Microsoft did with the next version of the browser," he said.  



Rogue ActiveX controls menace users

,----[ Quote ]
|  Flaws in ActiveX controls are being increasingly used to run security
|  exploits.
| [...]
| An attack exploiting this vulnerability can lead to arbitrary code execution
| by a remote attacker," a blog posting by Symantec researcher Parveen
| Vashishtha warns.  


RealPlayer Attack Circulating

,----[ Quote ]
| The attack exploits a flaw in an ActiveX browser helper object, software that
| RealPlayer employs to help users who are experiencing technical difficulties,
| so the PC must be using the Internet Explorer browser to be affected by this
| particular attack, Symantec said.  


Yahoo! battered by second ActiveX vulnerability

,----[ Quote ]
| The vulnerabilities affect versions of Yahoo! Messenger 8.x prior to version
|, released late last week. Users are urged to upgrade.


Way Too ActiveX

,----[ Quote ]
| Today, over at Symantec's Security Response Weblog, Greg Ahmad
| reveals startling--and I do mean shocking--increases in ActiveX
| vulnerabilities. According to Symantec, ActiveX vulnerabilities
| stayed in the 12- to- 15-a-year range from 2002 to 2005. For
| 2006, the number of vulnerabilities "reached 50," with 42 in
| the second half of the year--coincidentally, the same time
| period Microsoft finished up and released Internet Explorer 7.


Acer puts Active X hole on laptops

,----[ Quote ]
| Laptop outfit Acer seems to have placed an Active X control on its
| computers that seems to allow webpages to execute any program.
| This huge hole in network security has been installed on board Acer
| lap-tops since 1998.


Adobe Confirms 'Critical' Reader, Acrobat Exploits With IE

,----[ Quote ]
| A critical security vulnerability in an ActiveX control used by
| Internet Explorer could allow malicious hackers to use Adobe's
| Reader and Acrobat software to launch PC hijack attacks,
| according to a warning from Adobe Systems.


Month of ActiveX bugs project begins with two Office flaws

,----[ Quote ]
| A hacker known as shinnai kicked off his "Month of ActiveX Bugs"
| (MoAxB) project with a bang by exposing a number of severe
| vulnerabilities affecting OCX controls in Microsoft Office.


