Posts

Showing posts with the label ActiveX

Another Internet Explorer ActiveX Vulnerability

Microsoft and Secunia reported another ActiveX bug yesterday. Just by visiting a website or viewing email in html mode can provide the means for malicious code to be executed on your computer. Microsoft recommends keeping your virus scanner up-to-date [of course you should] and to use safe browsing habits. The safest way to browse is to use Firefox or another non-Internet Explorer / ActiveX supporting browser. Microsoft provides directions on how to browse safer using their products . I highly recommend that you follow this if you want to continue using Internet Explorer. Here is a brief explanation: Set your Internet Zone security to High When you trust a site, add it to the Trusted Zone. Microsoft recommends you run the Trusted zone at Medium security -- if you do, you will have problems on some sites. You need to move it at least to Medium-Low. Read all email in plain text (not HTML). So you have to ask yourself, do you want to manually manage your browsing security like this or r

Internet Explorer Security Issues Affect More Than Just Internet Explorer

As yet another security issue is found in Internet Explorer, it is a good time to remind you that Internet Explorer is used for more than web browsing. A few months back I pointed out how Microsoft Project had problems due to the ActiveX security settings I had set too high. Another such program is Outlook and Outlook Express. With the latest issue, you could receive an email with embedded code that would exploit your computer. This problem is big enough that Microsoft may actually release it outside their normal monthly patch cycle -- they have only done this once -- to fix a problem with their DRM. This problem is big enough, you can actually get a fix from a third-party . Perhaps a better fix, in addition to using Firefox (or Netscape) instead of Internet Explorer, use an alternate email program such as Eudora or Thunderbird (from the makers of Firefox).

Follow-up to IE Causing Problems with Project 2003

Image
I had posted on June 5th my experience with how Microsoft project 2003 had problems with certain functions due to the security setting in Internet Explorer, My Computer domain begin set to High. On June 14th, Microsoft finally conceded that there is no fix expect to lower the security settings. I can either change the default setting to Medium or Enable five settings, which for all intents and purposes is the same as changing the security to Medium. Here's the response attempting to describe why it's okay that Microsoft has impeded IE into Project: There is a reason we don'’t expose that functionality in IE by default. It used to be there in Windows 2000 Server and Pro, but it serves little purpose, provides no protection against the outside world, and generally only breaks things. Worse, since its set on a per user level, it doesn'’t prevent OTHER users or the system security context from running something '‘bad'’ on the local machine, only the logged in

ActiveX Control Change in IE: Release Date and More

Microsoft has made this rather confusing. If you support Windows with Internet Explorer or are a web application developer, read on; if not, skip to the last line . The way I read security Bulletin MS06-013 , the change has already been released, but a patch in IE is keeping it from being active. As quoted in the bulletin, "This Compatibility Patch will function until an Internet Explorer update is released as part of the June update cycle, at which time the changes to the way Internet Explorer handles ActiveX controls will be permanent." This is also taken from the bulletin: Some of the important modifications include the following: Security level for the Internet zone is set to High . This setting disables scripts, ActiveX controls, Microsoft Java Virtual Machine (MSJVM), and file downloads. Automatic detection of intranet sites is disabled. This setting assigns all intranet Web sites and all Universal Naming Convention (UNC) paths that are not explicitly listed in the Loc

Microsoft is changing how it handles ActiveX controls in IE

Are you aware of the changes to how the ActiveX Control works within IE? Most (possibly all --– I am not sure) IE plug-ins use ActiveX to load within the IE browser; and therefore if your site's user base is predominately IE user, which is true for most of us, this presents a potential big problem. If you are lucky, users will only have to double-click on controls instead of single click. (The first click is to activate the control, while the second is to use the control.) This is an exert from Microsoft's site, http://support.microsoft.com/kb/912945/en-us : This update changes the way in which Internet Explorer handles some Web pages that use ActiveX controls. Examples of programs that use ActiveX controls include the following: Adobe Reader Apple QuickTime Player Macromedia Flash Microsoft Windows Media Player Real Networks RealPlayer Sun Java Virtual Machine You can download the update today from the same page to test for yourself -- I understand this will be pushed d