Comments on: Another zero-day threat hits Windows

Sample code that exploits a yet-to-be-fixed Windows flaw is circulating. Microsoft plans to deal with it on the next Patch Tuesday.

[Sparky672]

ho hum... more of the same.

I'm shocked, shocked I tell you.

[fc11]

This is Active X control again. You should set IE sec level to high

Active X controls are evel. Set your IE security settings for internet Zone to High or medium to prevent all active X controls from running.

[Penguinisto]

Okay, so NOW does everyone agree that ActiveX is bad?

...I mean, really folks. This is a patch to a patch to a patch to a patch now.

If you want to escape this treadmill, just head for http://www.mozilla.com and get away from the mess (well, mostly - you're still stuck with supporting IE if you have Windows. Fortunately the free copy of IE that came with my Mac was flushed down the crapper less than five seconds after I opened Safari :) )

/P

[panazule]

Not really

I'd agree your a petty little microsoft basher.

What's funny about all of this is as a browsers market share increase, so does the bugs that are discovered.

Macintosh.. no virus's as the commercials say? Don't crash like the commercials say? Yea right...

If it had more than a single digit market share there would be trojans and virus's and everything else out there the only reason there is not is because why target an audience that is so small if your goal is to cause problems.

Don't forget to put on that penguin hat.

[zaznet]

I agreed to that a long time ago.

I knew ActiveX was insecure long before the first exploit or patch. Same as I kne IE was insecure long before and the same as I knew VB Script embeded in Word and Excel was insecure. It was just poor design from the start that got Microsoft into this trouble. ActiveX was designed without a single concern for security, and has since had many patches applied to change that.

[extinctone]

Hey panazule! The "market share" to "threat level" argument is bogus.

>If it had more than a single digit market share

Then why is it MS has an insignificant market share for web servers, yet the highest amount of high impact vulnerabilities and hacks?

http://news.netcraft.com/archives/web_server_survey.html

MS has steadily DECLINED in market share since early 2002. (The recent increases were due to massive amounts of domains being 'parked' on Windows (virus) servers. Anyone worth his/her weight in paper chooses a reliable and secure platform to run an Internet server on, not a Microsoft platform.

[gggg sssss]

then explain

why that little red squiggley MS line seems to be heading UP since March 2006 whiel all of teh other lines are heading down. At that rate they MS will cross teh appache line in 2008

Oops

[wbenton]

News TOO OLD!!!

>>>that Microsoft knows about, but has not yet fixed<<<

Back in 1995, that was news... but now... 11 years later in 2006...

That's moronic!!!

Walt

[zaznet]

Not "Zero Day" Exploit

This is a vulnerability that was known 2 months ago. How can it be "Zero Day" two months later? It is simply an unpatched vulnerability that exploit code is now available for, 2 months later.

Zero Day means the exploit is available the same day a vulnerability is known about. Please consider revising the title.

[imacpwr]

Windows: The Most UNsecure OS Online Today..!!

Oh am I sooooo happy I switched to a Mac last year...!!!!

Once you go Mac,

YOU NEVER GO BACK..!!!

[Vegaman_Dan]

You never go back!

You never go back once you buy a Mac- because your brain turns off! You don't bother reading articles before spouting rheotoric! You become yet another Mac Zombie.

There are rumors about reasonable Mac owners who don't spend every waking moment looking for fault with others, but so far I haven't found that many and this person is a perfect example of giving Mac users a bad name.

[Vegaman_Dan]

Because Macs are Perfect

You'll never go back. Nope. Not when you can use another operating system that *ALSO* has security flaws and the OEM has released patches for it.

http://news.com.com/Apple+releases+Mac+OS+X+security+update/2100-1002_3-6121372.html?tag=nefd.top

Hypocrisy is a terrible thing to waste.

[maxwis]

Microsoft Admits ActiveX Not Safe

Now why would Microsoft turn off by default ActiveX and Active scripting in Windows Server? Because they knew that it provided a vector for an infection that they had no defense against. The smoking gun. Solution to today's Zero Day attack warning: Use a browser that does not support ActiveX.

http://www.microsoft.com/technet/security/advisory/926043.mspx
"By default, Internet Explorer on Windows 2003 Server runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability because ActiveX and Active Scripting are disabled by default."

[qwerty75]

agree

Out of all the terrible ideas from Redmond, this is one of the worst.

ActiveX was poorly designed and even poorly implemented. Why they don't ditch it, is beyond me.

The gains to online security far outweigh the losses due to shortsighted people having to rewrite software that was dependant on ActiveX.

[gggg sssss]

have you ever

actually run a server? Server 2003 specifically? Any clue about why a developer would use activex in a web page? Why tyehy woudl use this particular WebFolder control in a web page that woudl be relevant to running a server?

MS probbaly somehwere also suggests that teh server not be used to play Doom as well. Do you question that also?

[wbenton]

Microsoft backed themselves into a strange corner

Now that they've got everybody rushing to turn off Active-X... how are they going to push their next security releases which require IE using Active-X... (* LOL *)

Seriously, I could care less either way... but it does put them and their users in quite an awkard position!!! (* CHUCKLE *)

Walt