Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Mike Nash of MS comments on the 912945 ActiveX update

March 29th 2006 in Uncategorized

Pretty much confirms everything I’ve been saying all along:
http://blogs.technet.com/msrc/archive/2006/03/29/423560.aspx


One thing I didn’t know was this:


we will create a “compatibility patch” (deployed like a hotfix) that allows customers to turn off the change for a limited period of time through the June update cycle (2nd Tuesday in June) to provide time for enterprise customers to resolve compatibility issuess [sic]


“Deployed like a hotfix” tells me that the patch will only be available by contacting MS Support and convincing them that the patch is needed.  End users should not expect that it is going to be made available to them simply because they don’t like the new activex behaviour.


Comments are closed.

Summary:  My advice? Don’t install it.
(Please forgive any grammatical or logical flow errors – I’m running real short of time but wanted to get this live before starting my work day).
Two MS security bloggers have mentioned the eEye “patch” that protects against the createTextRange vulnerability.
http://blogs.technet.com/msrc/default.aspxhttp://blogs.technet.com/ms_schweiz_security_blog/default.aspx
Both bloggers recommend that the patch not be installed. 
Ok, I […]

Previous Entry

“INTERNET service providers could face massive fines if they do not comply with new rules set down by the communications watchdog.
The Australian Communications and Media Authority (ACMA) today registered the world’s first legislative code of practice for internet and email service providers.
…[U]nder the new code, ISPs will have to offer spam filtering options to subscribers […]

Next Entry

Archives