funsec mailing list archives
Microsoft kills more third-party ActiveX controls
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 13 Aug 2008 11:45:55 -0500
As I've mentioned before there are many hundreds of third-party ActiveX controls that Microsoft needs to be killing off via Windows Update. Richard http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti cleId=9112478&intsrc=news_ts_head August 12, 2008 (Computerworld) Microsoft Corp. today issued "kill bit" updates for ActiveX controls from HP and a Washington state developer, the third time it's disabled third-party add-ons in the last four months. One security researcher linked the release to a new program Microsoft announced last week that's designed to help other vendors find and fix bugs in their own software. Microsoft disabled ActiveX controls from two companies, Hewlett-Packard Co. and Tacoma, Wash.-based Aurigma Inc., in its kill bit update, according to the security advisory issued today. The update was released through Windows Update, but it can also be downloaded from the Microsoft site. Both companies have acknowledged vulnerabilities in their ActiveX controls, and have, in fact, patched those controls. The HP software that Microsoft killed today were older ActiveX controls associated with a customer support application bundled with some of its PCs; the program, dubbed "HP Instant Support," is meant to help users update key drivers and other HP software. HP patched its Instant Support in early June. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft kills more third-party ActiveX controls Richard M. Smith (Aug 13)