Windows ActiveX Flaw Still Active After Patch   - 1,813 Views,

Summary: A couple of weeks ago, Aunty reported to you that Microsoft had announced a patch for their ActiveX security flaw. However, today the anti-virus experts at GeCad Net are reporting that the patch distributed by Microsoft does not fully fix the flaw (and try ...

Previous Article « New Worm Targets Windows and MSN Messengers
Read Next Article » Breaking News: Virus Masquerades as CNN Headlines

Windows ActiveX Flaw Still Active After Patch        Follow Anne on Twitter     Friend Anne on Facebook


A couple of weeks ago, Aunty reported to you that Microsoft had announced a patch for their ActiveX security flaw.

However, today the anti-virus experts at GeCad Net are reporting that the patch distributed by Microsoft does not fully fix the flaw (and try saying that three times fast!)

According to the Romanian-based GeCad Net, which sold their anti-virus software business to Microsoft a few years ago, the patch leaves unfixed at least one weakness which could be an avenue of attack on the HTML Help ActiveX control.

GeCad Net also said that “the potential for attack is opened up if a computer is updated with Microsoft’s Windows XP Service Pack 1 or Windows 2000 Service Pack 4, along with the most recent security patches”, but added that the problem can be prevented by updating with Windows XP Service Pack 2.

A spokesperson for Microsoft said that they were already working to fix the problem discovered by GeCad Net, and added that “Microsoft issued an update to address a vulnerability in the HTML help control in Windows, and this update does protect against the publicly reported vulnerability.”

Was this information helpful? If so, please leave us a review!

SHARE:
Windows ActiveX Flaw Still Active After Patch
SOCIAL:        Friend Anne on Facebook        Follow Anne on Twitter        Twitter Explained in Plain English
SEARCH:
       

Leave a Comment

Previous Article « New Worm Targets Windows and MSN Messengers
Read Next Article » Breaking News: Virus Masquerades as CNN Headlines

Read more:

»  Microsoft Announces Patch for “Help Flaw” Security Hole

»  New Critical Internet Explorer (IE) Flaw Involves Msdds.dll

»  Department of Homeland Security (DHS) Warns “Apply New Windows Patch Now!” - So Get the New MS06-040 Patch and Apply It!

»  Microsoft Issues Urgent Windows Update to Protect Internet Explorer and Office Products

For additional similar stories check out our archives on Security, Windows

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

 

No Comments »

No comments yet.

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.

(required)

(required)


 
 This article first appeared on 1/24/2005
The Internet Patrol
Patrolling the Internet for You!