digg

Facebook Connect Join Digg About

Microsoft Warns of Attacks on New ActiveX Hole... Again

news.cnet.com IE users warned about new ActiveX vulnerability, affecting Office XP, 2003, and ISA Server 2004 and 2006, that could allow an attacker to take control of the PC.

Who dugg this? Made popular Jul 14, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

54 Comments

show profanity settings
expand all
  • AcousticBoom, on 07/14/2009, -7/+32Another reason to continue using "the fox"
  • BobDle, on 07/13/2009, -10/+31not news. typical.
  • uptwolait, on 07/14/2009, -1/+20It's a type of deodorant. Don't use it on your hole, or you might get attacked.
  • nubnub, on 07/14/2009, -2/+20I wasn't aware such a large amount of the population was homosexual.
  • Khast, on 07/14/2009, -1/+19If ActiveX has access to the Kernel...it is a security exploit waiting to happen. Even if you don't give it permission.
  • freakyrunnerguy, on 07/14/2009, -0/+16This is why i love microsoft. theres always hidden goodies to find in their products.
  • inactive, on 07/14/2009, -1/+16What is ActiveX? Do people use it?
  • inactive, on 07/14/2009, -0/+12ActiveX has got to be one of the worst ideas in the history of programming. Basically, you are giving arbitrary access to random sites on the most common browser (at the time). How in the ***** ***** did Microsoft engineers NOT sense evil? Its not like "hacking" was a new concept at the time...
  • Tripacer9999, on 07/14/2009, -1/+12You stay classy, ActiveX.
  • CoreyTamas, on 07/14/2009, -1/+12"But Internet Explorer is the safest browser out there. Really. We swear."
  • TheN4D, on 07/14/2009, -1/+12Which is why I like my foxes flaming...
  • motters, on 07/14/2009, -0/+9ActiveX was such a lame technology.
  • sathias, on 07/14/2009, -2/+11If you take Schadenfreude joy out of security holes I think it's a pretty good indication that you should switch off the PC for a while and go outside.
  • pattyhax, on 07/14/2009, -1/+8and I'll stick with "The Chrome"
  • KibibyteBrain, on 07/14/2009, -2/+9Because as we learned from the Pwn to Own competitions, Safari on OSX is the pinnacle of security and safety in terms of web vulnerabilities... And lets not forget the Apple JRE critical, in the wild, vulnerabilities months after other platforms saw their JREs patched, either.
    Just use a safe browser and safe plugin settings. The platform really doesn't matter if you are going to use insecure software on it.
  • alpha88, on 07/14/2009, -0/+6They're not bugs, they're features!!
  • cscofield, on 07/14/2009, -0/+6Another reason to dump IE and use Firefox instead. ActiveX aside, why would anyone use IE anyway?
  • ptFoe, on 07/14/2009, -16/+22MS sure know how to brighten the day for Apple & Linux users.

    Thanks MS you have done it again
  • krisrm, on 07/14/2009, -0/+5...unfortunately, not "Microsoft Warns of IE Suckage", though I'm pretty sure most of us read it as that, anyway.
  • krisrm, on 07/14/2009, -0/+5strange, that's not what she said...
  • moduc, on 07/14/2009, -0/+5MS business plan:
    1) Got notified about or discovered a bug
    2) Fix it in the latest version of the OS
    3) Announce the problem later for older OSs
    4) Some of the people get hacked for not updating their computers
    5) People scares of the old OS instability and upgrade to new OS, or buy new PC
    6) MS makes money
    7) MS announces the next greatest OS ever is being produced.

    Sounds like a joke, but many people have fast computer for what they do, and no hardware problem, but they buy a new computer because their computer is ridden with virus, and bogged down. They think buying a newest computer (hence the OS) would solve their problem. Whilst the right way is to learn a little on how to use their computer properly.
  • fragMasterFlash, on 07/14/2009, -1/+5ActiveX? On the hole? And I am fresh out of Preparation H.
  • astrotrain, on 07/14/2009, -1/+5Oh no... wait... 90% of your business applications who use IE for a web GUI (Ticketing systems, etc) have been designed on ActiveX.

    You take the Active-Hoax away, and the companies will fall all around.

    Its a joke, who designs an application based on a product specific application... oh that's right people who believe Microsoft is the answer to all their worries in the world.
  • damnshoes, on 07/13/2009, -3/+6typical?

    It's always good to know.
  • MWeather, on 07/14/2009, -0/+3Yep. You are not alone.
  • inactive, on 07/14/2009, -1/+4I think he uses Safari.
  • Khast, on 07/14/2009, -4/+7Hmmm...90% of the Microsoft exploits are through ActiveX.....

    So, therefore, if Microsoft drops ActiveX, they will have better security.

    'nuff said.
  • HonoredMule, on 07/14/2009, -1/+4Hey, this female CNET reporter is an /actual/ woman. Way to go CNET!
  • YokohamaGaijin, on 07/14/2009, -0/+3Sounds painful anyway.
  • moduc, on 07/14/2009, -0/+3OpenOffice still runs short on basic functionality. Just yesterday, I wanted to import a text file into a spreadsheet. I choose OOo to import it. The text file is produced but netstat, so it has spaces delimiting the columns. Open office didn't have the option to say using multiple spaces as a separator, so it didn't import property. Word 2003 has this. I think there are always things missing. However, basic stuff like this should not be the case.
  • ByteMeAHole, on 07/15/2009, -0/+2So why is anyone still using IE? It's a POS... Get Firefox and install NoScript, AdBlock Plus - viola your vulnerability drops significantly... Switch to Linux and it drops to almost zero...
  • Khast, on 07/14/2009, -0/+2@DarkShroud

    Does Microsoft Update still require Internet Explorer to install an ActiveX plugin to work? Can McAffee, Norton, Trend Micro's online antivirus still work under Internet Explorer using an ActiveX plugin?

    MS Update's ActiveX control HAS ACCESS TO THE KERNEL
    Antivirus ActiveX controls HAVE ACCESS TO THE KERNEL

    ActiveX should be 100% sandboxed and not allow access to ANY system files....even to Microsoft themselves.
  • astrotrain, on 07/14/2009, -0/+2You mean Forest Gore?

    "Mama always said, if you want to get infected, use Internet Explorer..."
  • jakem1, on 07/14/2009, -1/+3Not news because I really don't need to know about ancient software that includes vulnerabilites. Call me when the latest version has a problem, not a version from 8 years ago.
  • mrBitch, on 07/16/2009, -0/+2@ DarkShroud, RE: " .. So you're saying Chrome does it for no reason?"


    Chrome has a very good reason to do it, and it's called "Windows".
  • pattyhax, on 07/14/2009, -1/+3Because in business networks that use M$, its less common to administer 3rd party browsers.

    Deploying GPO's and updates with IE is actually really, really easy. I mean I don't use it at home, but at work it's really easy to roll out security policies and updates via AD to large groups of computers so I see the value. (In the manageability, not the overall browser experience)
  • lee1060, on 07/14/2009, -1/+3Throw in OpenOffice and I'll upvote.
  • DarkShroud, on 07/14/2009, -2/+3So you're saying Chrome does it for no reason? Maybe you should take a moment and think about all the interaction between a browser and servers. Flash apps have been caught trying back ground installs. Then there are root kits. And now rogue/hijacked servers just look at the header info and then try to infect the OS accordingly. A sandbox mode backed up with UAC stop all of these threats cold.

    Remember, the My Web Search toolbar is already able to install it's self into Firefox now.

    The final of Tracemonkey in 3.5 is nice but I would rather use a browser that has plenty of built in functionality and lower memory foot print than Firefox. For me that's IE8 with Opera as my back up. The only time I ever had IE8 lag at all is when loading massive comments threads on Digg.
  • shinkou, on 07/14/2009, -1/+2oh yeah? ...neeeext!
  • rnawky, on 07/14/2009, -3/+4"Get the Facts"
    http://www.microsoft.com/windows/internet-explorer ...

    Oh hey look, they added version numbers to the other browsers so you can see how Microsoft compares their newest browser to older competitors browsers. Safari is still absent, however :-/
  • AppleMacStud, on 07/15/2009, -3/+4I'm sorry, why do I use a Mac again? Oh yeah, it has something to do with security.
  • astrotrain, on 07/14/2009, -1/+2...Oh, she said,
    Any way you want it
    Thats the way you need it
    Any way you want it
  • datdamonfoo, on 07/14/2009, -0/+1I use IE when Firefox fails to display pages properly. For me, firefox has problems with some embedded videos.
  • DarkShroud, on 07/14/2009, -2/+3@Khast ActiveX doesn't have kernel access in Vista & Win7. I'm not sure about older Windows Desktop OSs, XP 64 shouldn't as I believe it also has patch guard as do Server 2003 & 2008.

    I don't care if people disagree with me as we all have our own opinions. But at least take a minute to do some research.
  • mrBitch, on 07/14/2009, -2/+2@ DarkShroud, you idiot ... no other OS needs a "sandbox" mode for their web browsers, since no other OS runs a security riddled activeX exploited mess like Windows.
  • inactive, on 07/14/2009, -5/+5People still use Internet Explorer? I mean, other than Real Estate Agents (MLS: *****)
  • HeavyWave, on 07/14/2009, -4/+3"affecting Office XP, 2003, and ISA Server 2004 and 2006"

    Upgrade maybe?
  • footodors, on 07/14/2009, -4/+3stay away from my hole!!
    it's "exit only"
  • SEN5241, on 07/14/2009, -3/+2motherscratchin' X-holes!
  • Fetching more discussions...
    Show 51 - 57 of 57 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.