Mitigate the Image Uploader Vulnerabilities

The big security news this week is the six vulnerabilities found in various image uploader ActiveX controls. In case you haven't seen the news, there are exploits available publicly for remote vulnerabilities in five different ActiveX controls. US-CERT is offering the, relatively unhelpful, advice that users disable all ActiveX controls in their browser. Doing so would have the effect of disabling a lot of things, notably virtually every corporate expense reporting application. Your users will probably have a thing or two to say about that. You can mitigate that by adding all the sites users will ever need to the Trusted … Continue reading Mitigate the Image Uploader Vulnerabilities

Remotely listing all installed updates

A couple of weeks ago I published a script to list installed updates. Predictably, one of the comments ask for a version that can do that remotely. Here it is. This version can be run a couple of ways. First, you can double-click it. If you do it will prompt you for which computer to list the updates on. If you just type "." (a dot) it will use the local computer. If you type a name it will connect to a remote computer and list them from there. However, you must be authenticated to the remote computer before you … Continue reading Remotely listing all installed updates

IE 6 crashes after you install security update MS07-069 on a computer that is running Windows XP SP2

If you are still on Windows XP SP2 with Internet Explorer (IE) 6, and you install the security update announced in MS07-069, then you may just have lost your ability to surf much of the web with IE. Apparently that combination causes IE to crash when you go to a web site, according to Microsoft Knowledge Base article 946627 and a blog post on the IE blog. The exact cause appears to still be under investigation. The signature of the crash, however, is shown in this picture: The fix is to set a registry key. However, most home users would probably … Continue reading IE 6 crashes after you install security update MS07-069 on a computer that is running Windows XP SP2

Is Firefox More Secure than Internet Explorer?

Well, sure it is. According to the Firefox web site, which must of course be untainted by marketing claims since it is Mozilla, " Firefox continues to lead the way in online security". OK, marketing hyperbole aside, I'm a data guy. I care about what the data says. Fortunately, Jeff Jones collected the data and did the analysis. Rather than color your conclusions by mine, I will let you draw your own conclusions from his analysis because (a) Jeff is a friend of mine and I won't let that influence a judgement, and (b) there may be a slight conflict … Continue reading Is Firefox More Secure than Internet Explorer?