Second unpatched ActiveX bug hits IE

Scallywags are using an unpatched vulnerability in an ActiveX component to distribute malware, Microsoft warned on Monday. The development adds to already pressing unresolved Internet Explorer security bug woes. No patch is available for the Office Web Components ActiveX security hole, although there are workarounds which can …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Happy

    Tell Hillary...

    I love it - "Swiss cheese browser gains extra hole" - that made my day. Quick, someone pass this to Hillary.

  2. Toastan Buttar
    Linux

    Limited User Account

    If you haven't already done so, it might be a good time to consider running XP as a Limited User. It only takes a few minutes to set up and it is one of the most important security precautions you can take. It's no magic bullet but it does make life an awful lot harder for the bad guys. If you need further convincing, check out:

    http://blogs.msdn.com/aaron_margosis/pages/TOC.aspx

    Tux, because my daughter requested that I reinstall Linux yesterday so she could run some old Windows 95 games under Wine. Installed Linux Mint so that it could run directly off the Windows partition. So far, so good.

  3. amanfromMars 1 Silver badge

    Delving a Little Deeper into Pandora's Box of Immaculate Delights

    "Nonetheless, the current outbreak of unpatched ActiveX bugs has prompted some security watchers, including the SANS Institute's Internet Storm Centre (here) and F-Secure (here), to advise punters to consider using alternative browsers in preference to Internet Explorer."

    It is not a browser bug, it is a Private Pirate Trojan for Entering Systems Operations with Source Core Controls. And MSHacked with Virtual Control/Thought Projection and Realisation. It would then make them a Mammoth Open Source Tool of Printed Cash for Free EntrePreNeuReal Distribution...... is One Option Available in the AIdDerivative Virtual Futures Market.

  4. AchimR
    Happy

    And now for something completely different...

    a security hole in IE...

  5. Sceptical Bastard
    Jobs Horns

    What a shock!

    Vulnerabilities in IE exploiting ActiveX? Really? Surely not?

    As so many times in the past, a partial solution (as your story points out) is to use one of the many free alternatives to Internet Explorer (plus, of course, patching and hardening the hell out of WinXP).

    Or, of course, a better solution is to use one of the alternatives to Windows such as a Mac or Linux.

  6. Brett Brennan 1
    Go

    SANS Twitter feed got this early

    SANS ISC has an excellent Twitter feed that got word of this flaw out at 22:48 UTC yesterday. Well worth picking up the tweet if you have responsibilities for squashing these types of bugs: http://twitter.com/sans_isc_fast

  7. Anonymous Coward
    FAIL

    Maybe Hillary Clinton and Pat Kennedy need to look into this...

    Firefox on the corporate/government network looks more and more appealing...

  8. Tom 13
    Flame

    @Toastan Buttar

    Good advice. Unless of course you're a Microsoft shop and have installed some of their software that requires the local user to have administrative privileges on their PC....

    Been there, tried that, got my head handed to me on the proverbial platter.

    Now go back to your Security Awareness class.

  9. Toastan Buttar

    @Tom 13

    IT depts can do whatever they want. It might however make sense for some El Reg readers to consider changing to LUA on their home XP machines. Improved security for zero cost? Sounds like a win to me.

    Now go back to your Cynicism 101 class.

  10. Eddie Johnson
    Alert

    I can't believe...

    There are really people out there that still run ActiveX?

    Oh wait, right. You disable it and disable it, and every time you update something on your system it's magically re-enabled again. Sorry, my bad.

  11. Anonymous Coward

    @ Toastan Buttar

    "IT depts can do whatever they want"

    Really? Wow. If you work in an IT department I hope to never have to work in that organisation.

    Now go back to your day job.

  12. Anonymous Coward
    Jobs Horns

    Too many now

    This gets to be beyond the funny joke.

    Mozilla must launch program to help user stop IE before it starts as part of security suite, or uninformed user will accidentally use it and have their bank stolen.

    Why IE developers not prosecuted for all this?

  13. Anonymous Coward
    Thumb Up

    @ Toastan Buttar

    Well said, only 3 out of 500 desktops here have admin rights. I always run XP with restricted rights; most apps don't require admin rights or just a minor permissions tweak to get them working. If you must, then use 'runas' to run an app as an admin or log in as an admin, but don't browse the internet while you are.

  14. Anonymous Coward
    Boffin

    Oops-as bad as Firefox's latest cockup...

    http://secunia.com/advisories/35798

    Description:

    SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.

    The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

    Successful exploitation allows execution of arbitrary code.

    The vulnerability is confirmed in version 3.5. Other versions may also be affected.

    Solution: Do not browse untrusted websites or follow untrusted links. <Doooh>

    Quickly, let's all move to the "secure" Firefox browser [all of the cool kids are using it]! Bwahahahaha

  15. Eddie Johnson
    Happy

    @Tom 13

    Pray tell what MS software *requires* Admin? Typically most software that /appears/ to require admin needs little more than relaxed permissions on a few reg keys or a folder or two.

    All my users are running as User, they don't even get to be power user on their own machine. No print driver installs, no changing the screen resolution, nothing administrative. I've had to loosen a few registry and folder permissions for AutoCAD and some other software but I never had a problem with Office 97. Haven't run any Office version since then and OpenOffice needed no special tweaks at all.

    In a friend's office I administer, the users needed local admin to run QuickBooks, and that is reason enough that I tell everyone that QuickBooks is the worst designed piece of software I've ever encountered. I believe they've now addressed that in the most recent version.

  16. Toastan Buttar
    Happy

    Old fart is old

    > "IT depts can do whatever they want"

    >

    > Really? Wow. If you work in an IT department I hope to never have to work in that organisation.

    FWIW, I'm a software engineer for a multinational company. Our IT is outsourced to a, well....different multinational IT group. Our developer machines are almost entirely Windows XP and user privileges are tied down pretty firmly by that IT group (i.e. even developers don't have admin rights on Windows). Personally, I think it's a Good Thing. To a limited degree, I apply the same policies at home. It works well for me and I hope I've given others a friendly tip to enable them to be that little bit more secure.

    > Now go back to your day job.

    Happy to. I like my job. Do you?

  17. foo_bar_baz
    Boffin

    @eddie

    I second that. I recall getting some troublesome apps from Adobe to work that way. A good practice, though hard work, is to repackage the software for automated deployment, correct perms guaranteed that way.

  18. Anonymous Coward

    RadioactiveX

    Has anyone ever discovered someone who says 'Bwahahahaha' who isn't as thick as a brick?
