Windows ActiveX Flaw Still Active After Patch   - 1,660 Views,

Summary: A couple of weeks ago, Aunty reported to you that Microsoft had announced a patch for their ActiveX security flaw. However, today the anti-virus experts at GeCad Net are reporting that the patch distributed by Microsoft does not fully fix the flaw (and try ...

Previous Article « New Worm Targets Windows and MSN Messengers
Read Next Article » Breaking News: Virus Masquerades as CNN Headlines

  Follow Anne on Twitter


A couple of weeks ago, Aunty reported to you that Microsoft had announced a patch for their ActiveX security flaw.

However, today the anti-virus experts at GeCad Net are reporting that the patch distributed by Microsoft does not fully fix the flaw (and try saying that three times fast!)

According to the Romanian-based GeCad Net, which sold their anti-virus software business to Microsoft a few years ago, the patch leaves unfixed at least one weakness which could be an avenue of attack on the HTML Help ActiveX control.

GeCad Net also said that “the potential for attack is opened up if a computer is updated with Microsoft’s Windows XP Service Pack 1 or Windows 2000 Service Pack 4, along with the most recent security patches”, but added that the problem can be prevented by updating with Windows XP Service Pack 2.

A spokesperson for Microsoft said that they were already working to fix the problem discovered by GeCad Net, and added that “Microsoft issued an update to address a vulnerability in the HTML help control in Windows, and this update does protect against the publicly reported vulnerability.”

Windows ActiveX Flaw Still Active After Patch

 Follow Anne on Twitter

 Twitter Explained in Plain English

 Friend Anne on Facebook

Previous Article « New Worm Targets Windows and MSN Messengers
Read Next Article » Breaking News: Virus Masquerades as CNN Headlines

Read more:

»  Microsoft Announces Patch for “Help Flaw” Security Hole

»  New Critical Internet Explorer (IE) Flaw Involves Msdds.dll

»  Department of Homeland Security (DHS) Warns “Apply New Windows Patch Now!” - So Get the New MS06-040 Patch and Apply It!

»  Windows Help Vulnerability Target of Newly Released Trojan

For additional similar stories check out our archives on Security, Windows

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

 

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


If you have not posted a comment here before, we apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day! You only need to do this once; once you have successfuly posted a comment here you will not be asked to do this again. Thank you for your understanding!

 
 This article first appeared on 1/24/2005
The Internet Patrol
Patrolling the Internet for You!