Microsoft Warns Users of 'Zero Day' Security Issue

Status
Not open for further replies.

offkey_toms

Distinguished
Jul 7, 2009
1
0
18,510
A popular misconception concerning the Firefox add-on (based on NPAPI technology) is that an add-on is somehow inherently safer than an ActiveX control. Both run native machine instructions with the same privileges as the host process. Thus a malicious plugin can do as much damage as a malicious ActiveX control.

People, wake up...


 
[citation][nom]offkey_toms[/nom]A popular misconception concerning the Firefox add-on (based on NPAPI technology) is that an add-on is somehow inherently safer than an ActiveX control. Both run native machine instructions with the same privileges as the host process. Thus a malicious plugin can do as much damage as a malicious ActiveX control. People, wake up...[/citation]
True, but the other parts of the IE structure allow for the easier installation of ActiveX plug-ins without the user's knowledge. And has a greater ability to do damage to a system.

Also, NPAPI runs just on the browser itself while ActiveX can run as part of other programs, esp. VB, thus making ActiveX a bigger security hole than NPAPI add-ons, which are restricted mainly to the browser.
 

tmike

Distinguished
Jul 25, 2006
205
0
18,690
The small trickle of updates to Windows is far easier to swallow than the daily stream of notices I receive about new defects and vulnerabilities in Debian.
 

jhansonxi

Distinguished
May 11, 2007
1,262
0
19,280
[citation][nom]tmike[/nom]The small trickle of updates to Windows is far easier to swallow than the daily stream of notices I receive about new defects and vulnerabilities in Debian.[/citation]
Most Linux distro package managers update every application installed, not just the OS and web browser. The distros are very paranoid and proactive (although probably not as much as OpenBSD).
 

SAL-e

Distinguished
Feb 4, 2009
383
0
18,780
"In the meantime, our investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer. ...
Why the hell, if the ActiveX Control has no useful use, can it be run remotely and cannot be uninstalled?
 
Guest
SAL-e: It was probably a backdoor in the first place... Or else Microsoft is utterly incompetent, you choose...
 

dafin0

Distinguished
Apr 25, 2009
34
0
18,530
[citation][nom]crom[/nom]Yet another example of the many reasons to never use Internet Explorer.[/citation]

No, yet another reason to update your software. No one should be using IE6/7 anymore, so if anything happens to them then it's their own fault.
(BTW, the article doesn't seem to state this only affects IE6/7.)
 

Core2uu

Distinguished
Mar 22, 2009
67
0
18,630
More than your punishment for using IE, it's your punishment for continuing to use a decade-old OS.

C'mon people, let's move, the turn of the century was almost 10 years ago.
 

hemelskonijn

Distinguished
Oct 8, 2008
412
0
18,780
Fun part though would be that this security problem was already in the focus a few weeks back, but when they first wrote about it they limited the warning to use in combination with QuickTime.
Back then loads of people replied that it was Apple who made buggy software, and I already posted that the leak was possible to exploit in other ways, thus again making it a Microsoft problem. I got at least 6 thumbs down for that in under 4 hours.

Now here it is again, the same ActiveX leak, but this time nothing about QuickTime. Let's see, who shall we blame this time?
 

neiroatopelcc

Distinguished
Oct 3, 2006
3,078
0
20,810
All the anti-IE stuff aside, does anyone actually implement any of those workarounds? I'm 'in charge' of some 400 systems + about 20 servers or so, and I've NEVER implemented a single one of the workarounds.
 

Platypus

Distinguished
Apr 22, 2009
235
0
18,680
[citation][nom]hemelskonijn[/nom]Back then loads of people replied that it was Apple who made buggy software, and I already posted that the leak was possible to exploit in other ways, thus again making it a Microsoft problem. I got at least 6 thumbs down for that in under 4 hours.[/citation]
It sounds like you take those 'thumbs down' rather personally.
 

fuser

Distinguished
Aug 4, 2008
249
0
18,680
You'd have to live in a cave to think that MS is the only option. My grandmother was talking about Firefox the other day.
 

crom

Distinguished
Aug 20, 2007
378
0
18,780
[citation][nom]dafin0[/nom]No, yet another reason to update your software. No one should be using IE6/7 anymore, so if anything happens to them then it's their own fault. (BTW, the article doesn't seem to state this only affects IE6/7.)[/citation]

This hits all versions of IE on XP, including 8. It may affect Vista as well, hence their warning. Forgetting the security issue at the moment, IE doesn't even comply with standards, so websites will look wrong in it. It's just a badly designed web browser that is as big a security hole as QuickTime is for a Mac.
 