Feeds

back to article Second unpatched ActiveX bug hits IE

Scallywags are using an unpatched vulnerability in an ActiveX component to distribute malware, Microsoft warned on Monday. The development adds to already pressing unresolved Internet Explorer security bug woes. No patch is available for the Office Web Components ActiveX security hole, although there are workarounds which can be …

COMMENTS

This topic is closed for new posts.
Happy

Tell Hillary...

I love it - "Swiss cheese browser gains extra hole" - that made my day. Quick, someone pass this to hillary.

0
0
Linux

Limited User Account

If you haven't already done so, it might be a good time to consider running XP as a Limited User. It only takes a few minutes to set up and it is one of the most important security precautions you can take. It's no magic bullet but it does make life an awful lot harder for the bad guys. If you need further convincing, check out:

http://blogs.msdn.com/aaron_margosis/pages/TOC.aspx

Tux, because my daughter requested that I reinstall Linux yesterday so she could run some old Windows 95 games under Wine. Installed Linux Mint so that it could run directly off the Windows partition. So far, so good.

0
0
Silver badge

Delving a Little Deeper into Pandora's Box of Immaculate Delights

"Nonetheless, the current outbreak of unpatched ActiveX bugs has prompted some security watchers, including the SANS Institute's Internet Storm Centre (here) and F-Secure (here), to advise punters to consider using alternative browsers in preference to Internet Explorer. "

It is not a browser bug, it is a Private Pirate Trojan for Entering Systems Operations with Source Core Controls. And MSHacked with Virtual Control/Thought Projection and Realisation. It would then make them a Mammoth Open Source Tool of Printed Cash for Free EntrePreNeuReal Distribution...... is One Option Available in the AIdDerivative Virtual Futures Market.

0
0
Happy

And now for something completely different...

a security hole in IE...

0
0
Jobs Horns

What a shock!

Vulnerabilities in IE exploiting ActiveX? Really? Surely not?

As so many times in the past, a partial solution (as your story points out) is to use one of the many free alternatives to Internet Explorer (plus, of course, patching and hardening the hell out of WinXP).

Or, of course, a better solution is to use one of the alternatives to Windows such as a Mac or Linux.

0
0
Go

SANS Twitter feed got this early

SANS ISC has an excellent Twitter feed that got word of this flaw out at 22:48 UTC yesterday. Well worth picking up the tweet if you have responsibilities for squashing these types of bugs: http://twitter.com/sans_isc_fast

0
0
FAIL

Maybe Hillary Clinton and Pat Kennedy need to look into this...

Firefox on the corporate/government network looks more and more appealing...

0
0
Silver badge
Flame

@Toastan Buttar

Good advice. Unless of course you're a Microsoft shop and have installed some of their software that requires the local user to have administrative privileges on their PC....

Been there, tried that, got my head handed to me on the proverbial platter.

Now go back to your Security Awareness class.

0
0

@Tom 13

IT depts can do whatever they want. It might however make sense for some El Reg readers to consider changing to LUA on their home XP machines. Improved security for zero cost ? Sounds like a win to me.

Now go back to your Cynicism 101 class.

0
0
Alert

I can't believe...

There are really people out there that still run ActiveX?

Oh wait, right. You disable it and disable it, and every time you update something on your system its magically reenabled again. Sorry, my bad.

0
0
Anonymous Coward

@ Toastan Buttar

"IT depts can do whatever they want"

Really? Wow. If you work in an IT department I hope to never have to work in that organisation.

Now go back to your day job.

0
0
Jobs Horns

Too many now

This gets to be beyond the funny joke.

Mozilla must launch program to help user stop IE before it starts as part of security suite, or uninformed user will accidentally use it and have their bank stolen.

Why IE developers not prosecuted for all this?

0
0
Thumb Up

@ Toastan Buttar

Well said only 3 out of 500 desktops here have admin rights. I always run XP with restricted rights most apps don't require admin rights or just a minor permissions tweek to get them working. If you must then use 'runas' to run an app as an admin or login as an admin but don't browse the internet while you are.

0
0
Boffin

Oops-as bad as Firefox's latest cockup...

http://secunia.com/advisories/35798

Description:

SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.5. Other versions may also be affected

Solution: Do not browse untrusted websites or follow untrusted links. <Doooh>

Quickly, let's all move to the "secure" Firefox browser [all of the cool kids are using it}! Bwahahahaha

0
0
Happy

@Tom 13

Pray tell what MS software *requires* Admin? Typically most software that /appears/ to require admin needs little more than relaxed permissions on a few reg keys or a folder or two.

All my users are running as User, they don't even get to be power user on their own machine. No print driver installs, no changing the screen resolution, nothing administrative. I've had to loosen a few registry and folder permissions for AutoCAD and some other software but I never had a problem with Office 97. Haven't run any Office version since then and OpenOffice needed no special tweaks at all.

In a friends office I administer the users needed local admin to run QuickBooks and that is reason enough that I tell everyone that QuickBooks is the worst designed piece of software I've ever encountered. I believe they've now addressed that in the most recent version.

0
0
Happy

Old fart is old

> "IT depts can do whatever they want"

>

> Really? Wow. If you work in an IT department I hope to never have to work in that organisation.

FWIW, I'm a software engineer for a multinational company. Our IT is outsourced to a, well....different multinational IT group. Our developer machines are almost entirely Windows XP and user privileges are tied down pretty firmly by that IT group (i.e. even developers don't have admin rights on Windows) . Personally, I think it's a Good Thing. To a limited degree, I apply the same policies at home. It works well for me and I hope I've given others a friendly tip to enable them to be that little bit more secure.

> Now go back to your day job.

Happy to. I like my job. Do you ?

0
0
Bronze badge
Boffin

@eddie

I second that. I recall getting some troublesome apps from Adobe to work that way. A good practice, though hard work, is to repackage the software for automated deployment, correct perms guaranteed that way.

0
0
Anonymous Coward

RadioactiveX

Has anyone ever discovered someone who says 'Bwahahahaha' who isn't as thick as a brick?

0
0
This topic is closed for new posts.