Microsoft kills more third-party ActiveX controls

["Richard M. Smith" <rms () computerbytesman com>]

As I've mentioned before there are many hundreds of third-party ActiveX
controls that Microsoft needs to be killing off via Windows Update.

Richard

http://www.computerworld.com/action/article.do?command=viewArticleBasic&arti
cleId=9112478&intsrc=news_ts_head

August 12, 2008 (Computerworld)  Microsoft Corp. today issued "kill bit"
updates for ActiveX controls from HP and a Washington state developer, the
third time it's disabled third-party add-ons in the last four months.

One security researcher linked the release to a new program Microsoft
announced last week that's designed to help other vendors find and fix bugs
in their own software.

Microsoft disabled ActiveX controls from two companies, Hewlett-Packard Co.
and Tacoma, Wash.-based Aurigma Inc., in its kill bit update, according to
the security advisory issued today. The update was released through Windows
Update, but it can also be downloaded from the Microsoft site.

Both companies have acknowledged vulnerabilities in their ActiveX controls,
and have, in fact, patched those controls. The HP software that Microsoft
killed today were older ActiveX controls associated with a customer support
application bundled with some of its PCs; the program, dubbed "HP Instant
Support," is meant to help users update key drivers and other HP software.

HP patched its Instant Support in early June.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.