Windows 7 ActiveX Killbits
Microsoft has released two downloads containing ActiveX Killbits for the 32-bit and the 64-bit flavors of Windows 7 Release Candidate Build 7100.
windows -
comments -
16.7.2009
Internet Explorer ActiveX update
Microsoft is releasing a software update to Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2 (SP2) and for Microsoft Windows Server 2003 Service Pack 1 (SP1).
microsoft -
comments -
4.4.2006
Microsoft ActiveX Analyzer Tool
The ActiveX Analyzer Tool is designed to scan for and identify object, applet, and embed tags in code. The utility will output the complete file path, line number, and literal script that the tag(s) reside in so that the user can easily open the file and locate the code.
microsoft -
comments -
29.4.2006
ActiveX Is Vulnerable to Attacks Even Without Vulnerabilities
Internet Explorer users are vulnerable to attacks targeting ActiveX, even when ActiveX is vulnerability-free, claims security company Symantec.
microsoft -
comments -
11.8.2008
IE Automatic Component Activation - Changes to IE ActiveX Update
Back in April 2006, we made a change to how Internet Explorer handled embedded controls used on some webpages.
microsoft -
comments -
9.11.2007
Microsoft Security Advisory 927891 non security-Fix for Windows Installer
Ok this is the MSI fix (Windows Update Client 100% CPU issue) as discussed before here on Bink.nu. For best results also install the new update client. This client will be distributed worldwide in June through Microsoft/Windows Update and WSUS.
microsoft -
comments -
23.5.2007
Microsoft Windows Vista Security: Setting a New Standard for Security and Privacy Through Innovation and Collaboration
For more than 30 years, information and communications technologies have transformed the global economy and personal communications.
windows -
comments -
17.9.2006
Security Tab Fixer for Windows XP - Activate Security Tab Under File, Folder Property Menu
Unlike Windows Vista & Windows 7, Windows XP does not show the Security tab under the file or folder properties dialogue box.
download -
comments -
28.6.2009
Windows 7 security enhancements
Windows 7 makes remote connectivity to corporate networks seamless, protects data on thumb drives, and offers fewer user account control prompts to bug users compared to Vista, Microsoft said on Monday.
windows -
comments -
24.4.2009
Windows Vista's new security features
Microsoft's new operating system won't be out until late 2006, but here's a look at some of the new security features expected.
It seems that every time I sit down with Microsoft to discuss Windows Vista, something has been changed or added, which is good. In some cases, something has been removed, which is bad. One and a half years from launch, I understand that beta code changes frequently. Here's my standard disclaimer: the following article is based on the last build from Microsoft, Windows Vista build 5219, released September 2005.
windows -
comments -
Security Update for Windows Vista
A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it.
windows -
comments -
16.1.2006
Security warnings over Windows Vista
Microsoft is coming under increasing fire over the security of its Windows software.
windows -
comments -
3.10.2006
First security fail found in Windows 7
The good folks at F-Secure uncover the first Windows 7 security fail and it's a classic.
windows -
comments -
5.5.2009
Microsoft Windows XP Security Guide 2.2
The Windows XP Security Guide has been updated to provide specific recommendations about how to harden computers that run Windows XP with SP2 in three distinct environments.
download -
comments -
12.4.2006
Windows Gets Largest Security Update in Over a Year
12. That's the number of updates to be released with the June security patches. Of the twelve, nine are specific to the Windows operating system itself and one of those is listed as "critical" designating it as a severe security concern. Two are related to the Microsoft Office productivity suite and one is for Microsoft Exchange e-mail server.
windows -
comments -
13.6.2006
Introduction to Windows Firewall with Advanced Security
Windows Firewall with Advanced Security is a stateful, host-based firewall that blocks incoming and outgoing connections based on its configuration.
download -
comments -
19.8.2006
Critical Security Update for Windows 7 Beta
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it.
download -
comments -
11.3.2009
Download Windows 7 Security Audit Events
Security does by no means stop with the implementation of products designed to safeguard Windows from malicious code or exploits.
windows -
comments -
2.7.2009
New Beta for Windows 7 and IE8 Security Baselines
Microsoft has debuted a new Beta program via Connect focused on the Windows 7 and Internet Explorer 8 Security Baselines.
microsoft -
comments -
16.7.2009
Pirating Windows? No free Security Essentials for you!
Microsoft has confirmed via its Genuine Windows Blog that only those Windows users running genuine, validated copies will be able to download and install the new Microsoft Security Essentials software.
windows -
comments -
1.10.2009
New Windows Vista Firewall Fails on Outbound Security
Analysis: New Windows Vista Firewall Fails on Outbound Security. Microsoft touts Windows Vista's significant security improvements but we've found that the firewall in this OS offers little outbound protection.
windows -
comments -
9.2.2007
A security issue in Microsoft Windows Deployment Services?
Netanel Ben-Shushan from Israel writes: We've talked about Microsoft's new tool for remote installation named Windows Deployment Services (or WDS), and Alex told me today that there's an important security issue in WDS.
microsoft -
comments -
19.2.2007
Microsoft Windows Server 2003 Security Guide updated (2.1)
This updated version of the Windows Server 2003 Security Guide provides specific recommendations for hardening computers that run Microsoft Windows Server 2003 with Service Pack 1 (SP1) in three distinct enterprise environments. The Legacy Client (LC) environment must support older operating systems such as Windows NT 4.0 and Windows 98. In the Enterprise Client (EC) environment, Windows 2000 is the earliest version of the Windows operating system in use.
windows -
comments -
26.4.2006
Microsoft Responds On RSS Security Concerns in Windows Vista
After a Black Hat presentation called the potential of RSS feeds as an attack vector into question, Microsoft described steps they have taken to mitigate this.
windows -
comments -
9.8.2006
Patch Tuesday: MS plans 5 Security Patches, 4 for Windows
Bink is reporting that on Tuesday April 10, 2007 Microsoft plans to release the following updates as part of its Patch Tuesday cycle.
microsoft -
comments -
6.4.2007
Security flaw hits Safari for Windows only hours after release
Thanks to marct for this article. Security researcher Aviv Raff claims to have found the first security vulnerability in Apple's Safari browser on Windows only hours after the software was released.
common -
comments -
12.6.2007
Want Security? Drop Windows and Move to Linux, or Mac OS X
There is no silver bullet solution for security, and no foolproof client operating system. But the fact of the matter is that while neither Linux, nor Mac OS X and not even Windows Vista are panacea solutions for protecting users, they are all less attacked than Windows XP and older versions of the Microsoft platform.
windows -
comments -
10.9.2007
Project Codename Sundance Beta Windows Security Accelerator
Microsoft has debuted into Beta a new project designed to bulletproof the Windows platform along with the Office System.
windows -
comments -
17.12.2008
Microsoft patches 31 Windows, IE, Office security holes
Microsoft's batch of patches this month is a big one: 10 bulletins covering a total of 31 documented vulnerabilities affecting the Windows OS, the Internet Explorer browser and the Microsoft Office productivity suite (Word, Works and Excel).
microsoft -
comments -
9.6.2009
Windows Server 2003 Service Pack 2 beta security updates
Dear WS03 SP2 Beta Tester,
Beginning in August 2006, Windows Serviceability will release monthly critical security updates for the Windows Server 2003 Service Pack 2 beta.
windows -
comments -
13.8.2006
US-CERT: Turn Off ActiveX for Security
Although it's not the first time this branch of the US Dept. of Homeland Security has made this suggestion, its Computer Emergency Response Team this morning is recommending that users disable ActiveX altogether, in the wake of yesterday's discovery of a critical vulnerability...
betanews.com - 02.11.2006
IE8 Security Part II: ActiveX Improvements
Hi, I'm Matt Crowley, Program Manager for Extensibility with Internet Explorer. The team was very excited to be at the RSA security conference last month discussing the security features of Internet Explorer 8 Beta 1. In this, the second part of the IE8 Security blog series, I describe the ActiveX improvements in IE8 and summarize the existing ActiveX-related security features carried over from earlier browser versions.
winbeta.org - 08.05.2008
Vulnerability in ActiveX Data Objects
This morning, Microsoft's Security Response Center acknowledged the discovery of a vulnerability affecting its key ActiveX Data Objects database control. It's another way to overload Windows so that malicious users can possibly execute restricted areas of binary code...
betanews.com - 28.10.2006
Will Microsoft Change How ActiveX Runs in IE 8?
Conspicuously absent from Microsoft's annual MIX conference here was any discussion by the software giant about whether it plans to change the way ActiveX will run in Internet Explorer 8.
Microsoft announced the first beta for IE8, the latest version of its Web browser, at the conference on March 5. The beta for IE 8 can be downloaded here.
Some security experts, like Will Dormann, a vulnerability analyst at the Carnegie Mellon Software Engineering Institute CERT/CC, are calling for ActiveX to be disabled from running by default in IE 8.
winbeta.org - 06.03.2008
Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access
Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
The ActiveX control for the Snapshot Viewer for Microsoft Access enables you to view an Access report snapshot without having the standard or run-time versions of Microsoft Office Access. The vulnerability only affects the ActiveX control for the Snapshot Viewer for Microsoft Office Access 2000, Microsoft Office Access 2002, and Microsoft Office Access 2003.
The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007. The ActiveX control is also shipped with the standalone Snapshot Viewer.
winbeta.org - 07.07.2008
Microsoft: Ask us and we'll kill your ActiveX control
Microsoft this week said it would lock down other vendors' software using Windows Update-delivered fixes if those companies ask Microsoft to help stymy attacks. The company explained its efforts after being asked about a security update that disabled a vulnerable ActiveX control used by Yahoo's music player program.
"If an independent software vendor discovers that they have shipped a vulnerable control, they should e-mail secure@microsoft.com to work with Microsoft to issue a kill bit, disabling that control," Tim Rains, a spokesman for the Microsoft Security Response Center (MSRC), said in an e-mail.
winbeta.org - 10.04.2008
Microsoft warns of serious IE exploit discovered
A very critical security vulnerability has been discovered, and there is no fix for it yet. The exploit can hijack a computer remotely when the victim simply visits a compromised web site. The attack allows hackers to exploit a hole into the victim's computer through Microsoft Video ActiveX Control. The "zero day" vulnerability affects only Internet Explorer users, through compromised web sites, via the part of its software used to play videos. The exploit can only attack users running Windows XP and Windows Server 2003, within the msvidctl.dll file that hosts this ActiveX Control. Microsoft recommends removing support for this ActiveX Control within Internet Explorer.
neowin.net - 07.07.2009
Remote Desktop Web Connection ActiveX Control Available
The downloadable Remote Desktop Web Connection ActiveX control provides most of the same functionality as the full Remote Desktop Connection software; however, the Remote Desktop Web Connection is designed to deliver this functionality over the Web.
The Web package Setup program installs the downloadable ActiveX control and sample Web page on a server running Internet Information Services (IIS) 4.0 or later.
Supported Operating Systems: Windows 2000; Windows 95; Windows 98; Windows NT; Windows Server 2003; Windows XP
winbeta.org - 27.07.2007
ActiveX Under Siege: Facebook, MySpace Image Uploaders Vulnerable
Web surfers are urged to immediately disable ActiveX controls from IE to protect against a swath of publicly reported and unpatched software vulnerabilities.
The US-CERT is urging Web surfers to immediately disable ActiveX controls from Internet Explorer to protect against a swath of publicly reported and unpatched software vulnerabilities.
The US-CERT (Computer Emergency Response Team) recommendation follows the release of exploit code for multiple zero-day flaws in image uploaders used by Facebook and MySpace and bugs in the ActiveX control that ships with the Yahoo Music Jukebox software.
winbeta.org - 05.02.2008
Microsoft warns of hole in Video ActiveX control
Microsoft on Monday warned of a vulnerability in Microsoft Video ActiveX Control that could allow an attacker to take control of a PC if the user visited a malicious Web site.
There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.
winbeta.org - 06.07.2009
Microsoft Rolls Out IE6 ActiveX Change
Microsoft this week delivered a long-awaited update for Internet Explorer 6 that changes the way the browser loads embedded ActiveX controls. The modification comes as part of an ongoing patent dispute with Eolas Technology and the University of California...
betanews.com - 01.03.2006
Microsoft to Modify ActiveX in IE Update
In order to avoid infringing on a controversial patent that it has been struggling to battle in court, Microsoft has decided to change the way Internet Explorer loads embedded ActiveX controls. An update for IE will be rolled out early next year, the company says...
betanews.com - 05.12.2005
Where Are the IE 8 Security Goodies?
There's a conspicuous absence of information about whether IE8 will include anti-malware blockers, anti-virus integration or changes to dangerous ActiveX-related defaults.
The first beta of Microsoft's new Internet Explorer 8 browser looks surprisingly sparse on security-related features and improvements.
The browser makeover, expected to be unveiled at the MIX08 conference in Las Vegas this week, will feature several nifty productivity features but there's a conspicuous absence of information about whether IE8 will include anti-malware blockers, anti-virus integration or changes to dangerous ActiveX-related defaults.
winbeta.org - 05.03.2008
ActiveX Controls Still Vulnerable After Four Years
Activity spotted by an eWeek reporter on at least two "gray-hat" vulnerability research sites appears to indicate that an exploit for a weakness in one of Microsoft's Multimedia ActiveX controls discovered last June may still be feasible, even after four years of patches...
betanews.com - 15.09.2006
Symantec patches critical Norton flaw
A bug in the way Norton AntiVirus software uses the ActiveX programming language could cause serious problems for users of Symantec's products.
On Thursday, Symantec patched the flaw warning that a bug in two ActiveX controls used by Symantec's client software could allow an attacker to run unauthorized software on a victim's computer. Security vendor Secunia ApS rates the problem as "highly critical."
The flaw is an "input validation" error, meaning that Norton doesn't properly check the data it's receiving to ensure that it can't be mistaken for malicious commands. The bug affects users of the 2006 versions of Norton AntiVirus, Norton Internet Security, and Norton System Works. Norton Internet Security 2006, Anti Spyware Edition is also affected...
winbeta.org - 10.08.2007
Be prepared: ActiveX attacks will persist
A recent string of high-profile ActiveX vulnerabilities caused the U.S. Computer Emergency Readiness Team (US-CERT) to advise users to disable the ubiquitous Microsoft browser plug-in technology altogether. The vectors for these recent exploits include a third-party image uploading tool used on both the Facebook and MySpace social networking sites, and flaws found in Yahoo's Music Jukebox, Real Networks' RealPlayer, and Apple's QuickTime.
"We're seeing an increase in exploits aimed at these types of tools that are commonly used with a variety of technologies including social networking sites and multimedia players. As online crime becomes more prominent, malicious actors are taking advantage of these types of vulnerabilities to accomplish their objectives," said a spokesman at the U.S. Department of Homeland Security, which oversees the US-CERT.
winbeta.org - 19.02.2008
Mystery of RealPlayer exploit, hijacked ad server unfolds
A week after Symantec security researchers traced the elaborate course of a malware exploit -- apparently devised in the Netherlands -- to what may be a compromised ad server belonging to Internet advertising company 24/7 Real Media, the attack method isn't fully understood.
The investigation started publicly last Friday when Symantec issued a 10-page DeepSight Threat Management System Threat Analysis written by Aaron Adams, Raymond Ball and Anthony Roe. The report accurately detailed the discovery of a zero-day attack based on a buffer overflow vulnerability in an ActiveX control in the popular desktop media player, RealPlayer from RealNetworks.
"It's an ActiveX vulnerability, and this RealPlayer exploit runs JavaScript," said Oliver Friedrichs, director of Symantec's security response division. "The ActiveX control allows the malicious code to run, and it downloads a Trojan, one called Zonebac, which can disable security applications, modify the registry and perhaps later download more code. Just having RealPlayer on the desktop was enough."
winbeta.org - 25.10.2007
Microsoft Security Advisory (926043) Remote Code Execution
Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.
The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View.
We are working on a security update currently scheduled for an October 10 release.
Customers are encouraged to keep their anti-virus software up to date.
neowin.net - 30.09.2006
ActiveX Triggers "Critical" Windows Hole
Microsoft is investigating reports of a vulnerability in a Windows ActiveX control that could allow an attacker to remotely take control of a computer. One security company rated the vulnerability critical, while Microsoft said it allowed only limited attacks.
The vulnerability, which is not patched yet, affects certain versions of Windows running Microsoft XML Core Services 4.0, a set of tools that allows programmers to use scripting languages to access XML documents. The affected versions are Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1.
The SANS Institute classified the flaw as a zero-day vulnerability, meaning the problem is public but not patched. The French Security Incident Response Team called it "critical".
Microsoft issues patches for its software on the second Tuesday of the month. The speed at which a patch is issued depends on the risk of the vulnerability, and the company has issued patches out of cycle for widely-exploited vulnerabilities.
neowin.net - 06.11.2006
Scramble Against MS Threats Continues
Independent security developers, including the one that had a brief window of opportunity to patch Microsoft's VML flaw before Microsoft beat its own deadline, are now scrambling for their share of the spotlight in the wake of the re-emergence last week of an ActiveX control flaw...
betanews.com - 03.10.2006