Thursday, November 21, 2002

Microsoft IE/IIS Vulnerabilities -- 9:25 am CST, Update by A.T. Hun

There's a new problem that's been discovered with a Microsoft ActiveX control that allows anyone to run arbitrary code on any non-XP version of Windows. A fix is available here. The problem is that since the old control is signed by Microsoft, a website could knowingly or unknowingly give you the old, vulnerable version right back. The only solution? Remove Microsoft from your list of trusted publishers. Eeek.

This comes on the heels of another IE security hole that would allow someone to run arbitrary code on any Windows box. The really bad thing here is that Bugtraq posted working code showing how to exploit that bug to reformat someone's hard drive. Sheesh. That article has a link to a patch that may or may not completely fix that bug. Get patching! Thanks Slashdot.

J.t.Qbe comments: Speaking of Microsoft, there was an interesting article at The Register this morning: an internal Microsoft document about the (attempted) switch of Hotmail from FreeBSD to Win2K. Microsoft recognizes the benefits Unix fans have been touting for years, but of course can't publicly present them as benefits. Very interesting reading.

News for 11/21/2002

The Haus is powered by:

All original information on this website is copyright © TheHaus.Net, 1999-2005. The use of original images, text, and/or code from this website without expressed written consent is prohibited. The authors of this site cannot be held responsible for any damage, real or imagined, which comes from the use of information presented on this site. All trademarks used are the properties of their respective owners. This site is not to be used as a floatation device (but if you try, I want a video tape of it).