|
MS-DEFCON 2:
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it.
|
-
Yet Another Internet Explorer/ActiveX 0day
Posted on July 7th, 2009 at 18:41 6 commentsIf you use Internet Explorer 6 or 7 on Windows XP, you can get infected by simply visiting a Web site, thanks to another bad hole in a Microsoft ActiveX control known as the Video ActiveX control.
Those using IE 8 or Vista apparently aren’t affected.
The Video Control is “the main component that Microsoft Windows Media Center uses to build filter graphs for recording and playing television video.”
As far as I can tell, the problem was first identified way back in 2007 by Hustle Labs. The Common Vulnerabilities and Exposures identification number CVE 2008-0015, which Microsoft uses to describe the hole, links to a vulnerability first reserved in December, 2007.
The solution? You can run Microsoft’s Fixit patch, described in Security Advisory 972890.
Or you can surf with Firefox, Chrome, or anything but Internet Explorer.
Sound familiar?
No idea when MS will come up with a permanent solution.
6 responses to “Yet Another Internet Explorer/ActiveX 0day”
-
sanda July 7th, 2009 at 22:00
Thanks. Can we wait on the Fixit patch and just stay with the Firefox, which I like?
-
rcprimak July 8th, 2009 at 02:52
It’s nice to be able to run this Fixit as a downloaded application. Previous Fixits required running the process through the browser, and security considerations often prevented this. This one downloaded and ran within my security configuration with no problems. Nice to see Microsoft finally getting it about workarounds.
-
Absolutely. As long as you’re using Firefox or Chrome, you’re safe.
-
rc primak July 8th, 2009 at 22:47
Woody’s “Absolutely” should be read as referring to Sanda’s comment, not mine.
-
sanda July 9th, 2009 at 19:19
Hi. Please address the new Windows Secrets
idea of OpenDNS for safe surfing. It’s totally confusing to me. Would Firefox do as well? -
sanda July 9th, 2009 at 19:22
And doesn’t the new AVG8.5Free address that with its little symbols of “safe” when googling, next to items listed? What am I missing? (I’m never the only one.)
Leave a reply
-
Support AskWoody.com
Click on this list to get
Woody ’s books at Amazon.com
- Windows 7 All-In-One For Dummies
- Green Home Computing For Dummies
- Windows Vista All-In-One Desk Reference For Dummies
- Windows Vista Timesaving Techniques For Dummies
- Windows XP All-In-One Desk Reference For Dummies
- Windows XP Timesaving Techniques For Dummies
- Windows XP Hacks & Mods For Dummies
- Windows Home Server For Dummies
- Special Edition Using MS Office 2007
- Special Edition Using MS Office Home & Student 2007
- Special Edition Using MS Office 2003
- Office 2003 Timesaving Techniques For Dummies
- Special Edition Using MS Office 2003, Student-Teacher Edition)