Second unpatched ActiveX bug hits IE Scallywags are using an unpatched vulnerability in an ActiveX component to distribute malware, Microsoft warned on Monday. The development adds to already pressing unresolved Internet Explorer security bug woes. No patch is available for the Office Web Components ActiveX security hole, although there are workarounds which can …
If you haven't already done so, it might be a good time to consider running XP as a Limited User. It only takes a few minutes to set up and it is one of the most important security precautions you can take. It's no magic bullet but it does make life an awful lot harder for the bad guys. If you need further convincing, check out:
http://blogs.msdn.com/aaron_margosis/pages/TOC.aspx
Tux, because my daughter requested that I reinstall Linux yesterday so she could run some old Windows 95 games under Wine. Installed Linux Mint so that it could run directly off the Windows partition. So far, so good.
"Nonetheless, the current outbreak of unpatched ActiveX bugs has prompted some security watchers, including the SANS Institute's Internet Storm Centre (here) and F-Secure (here), to advise punters to consider using alternative browsers in preference to Internet Explorer. "
It is not a browser bug, it is a Private Pirate Trojan for Entering Systems Operations with Source Core Controls. And MSHacked with Virtual Control/Thought Projection and Realisation. It would then make them a Mammoth Open Source Tool of Printed Cash for Free EntrePreNeuReal Distribution...... is One Option Available in the AIdDerivative Virtual Futures Market.
Vulnerabilities in IE exploiting ActiveX? Really? Surely not?
As so many times in the past, a partial solution (as your story points out) is to use one of the many free alternatives to Internet Explorer (plus, of course, patching and hardening the hell out of WinXP).
Or, of course, a better solution is to use one of the alternatives to Windows such as a Mac or Linux.
Good advice. Unless of course you're a Microsoft shop and have installed some of their software that requires the local user to have administrative privileges on their PC....
Been there, tried that, got my head handed to me on the proverbial platter.
Now go back to your Security Awareness class.
Well said only 3 out of 500 desktops here have admin rights. I always run XP with restricted rights most apps don't require admin rights or just a minor permissions tweek to get them working. If you must then use 'runas' to run an app as an admin or login as an admin but don't browse the internet while you are.
http://secunia.com/advisories/35798
Description:
SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 3.5. Other versions may also be affected
Solution: Do not browse untrusted websites or follow untrusted links. <Doooh>
Quickly, let's all move to the "secure" Firefox browser [all of the cool kids are using it}! Bwahahahaha
Pray tell what MS software *requires* Admin? Typically most software that /appears/ to require admin needs little more than relaxed permissions on a few reg keys or a folder or two.
All my users are running as User, they don't even get to be power user on their own machine. No print driver installs, no changing the screen resolution, nothing administrative. I've had to loosen a few registry and folder permissions for AutoCAD and some other software but I never had a problem with Office 97. Haven't run any Office version since then and OpenOffice needed no special tweaks at all.
In a friends office I administer the users needed local admin to run QuickBooks and that is reason enough that I tell everyone that QuickBooks is the worst designed piece of software I've ever encountered. I believe they've now addressed that in the most recent version.
> "IT depts can do whatever they want"
>
> Really? Wow. If you work in an IT department I hope to never have to work in that organisation.
FWIW, I'm a software engineer for a multinational company. Our IT is outsourced to a, well....different multinational IT group. Our developer machines are almost entirely Windows XP and user privileges are tied down pretty firmly by that IT group (i.e. even developers don't have admin rights on Windows) . Personally, I think it's a Good Thing. To a limited degree, I apply the same policies at home. It works well for me and I hope I've given others a friendly tip to enable them to be that little bit more secure.
> Now go back to your day job.
Happy to. I like my job. Do you ?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
