Tag: ActiveX
October 15, 2009 by
Jason
On October 13th, 2009, Microsoft started serving to Windows users patches for no less than 34 vulnerabilities, releasing the most security bulletins in the company’s history. The 13 security bulletins made available are designed to offer fixes for a range of security issues affecting Windows, Internet Explorer, Silverlight, Microsoft Office, Developer Tools, Forefront and SQL Server. Microsoft underlined that, despite the large number of patches, all security updates had been thoroughly tested, and only received the green light for broad release once they met specific quality standards.
Out of the total 13 security bulletins released, eight have received Microsoft’s maximum severity rating, namely Critical, indicating that they are designed to patch severe vulnerabilities that could allow for remote code execution in the eventuality of a successful attack. The remaining six patch packages have all been deemed Important, a less severe rating. However, customers should apply the patches offered by the Redmond company immediately. The simplest way to access the security updates is through Windows Update. Users with Automatic Updates enabled will have all patches automatically downloaded to their machines.
Microsoft revealed that no less than seven security bulletins with a maximum severity rating of Critical out of the total eight also had an exploitability index of 1. The highest possible exploitability index: 1 is indicative of the fact that Microsoft considers the possibility of exploit code becoming available in the wild for the seven flaws extremely likely, perhaps even within the first 30 days since the patches were released. This just in case you needed additional incentive to deploy the security updates. Read More»
Posted in Computer | 1 Comment »
January 17, 2009 by
Jason This is a firefox plugin that I was looking for since long time, you will probably say why we need activeX with Firefox ? But some Intranet application require some functionnalities that are already available as ActiveX. I had a ActiveX twain solution that I wanted to run on firefox, so finally I think this could be done using ff-activex-host.
The extension is developed by Leeor Aharon, IT Structures Ltd, makes possible to use ActiveX controls in Firefox and provides full access to the hosted control (events, functions, properties) based on the Gecko NPAPI. Concerning security :
The plugin has some security related features to limit the risk it might pose to users by making ActiveX controls available in Firefox. First of all, it is using a special MIME Type so that it won’t get triggered by sites that were not specifically designed for it. Additionally, it supports lists of well known CLSIDs and PROGIDs so that it can be limited to use with specific controls and interfaces. Finally, it can be “site locked” to make sure it’s only being used by a predetermined list of domains. Read More»
Posted in Firefox | No Comments »
December 17, 2008 by
Jason There’s no easy way to secure IE against similar flaws that will inevitably be discovered and used by hackers to their advantage in the future. For this reason and in response to pleas for help by many Pctipsbox readers here’s my recommendation on the best way to surf the Web more securely:
Step 1: Switch to Firefox, Opera, Chrome, or another contender and configure it to be your default browser. Use IE only to visit sites that require Microsoft-specific technology probably because they rely on ActiveX to function. (For example, you need to use IE to download patches at the Windows Update site.) I recommend Firefox because of the numerous add-ons available for that browser, some of which I describe in Steps 2 and 3.
Step 2: Install the Firefox add-ons known as User Agent Switcher (see UAS’s download page) and IE Tab (download page).
User Agent Switcher lets you change your browser’s identity. If a Web site demands the use of IE but actually works fine with other browsers, you can change the name of the operating system and browser the site thinks you’re using. Many “IE only” sites render perfectly well in Firefox and other browsers. Read More»
Posted in Firefox, Internet | No Comments »
December 11, 2008 by
Jason On December 9, Microsoft made available for download the last bouquet of security updates for 2008. the company released no less than eight security bulletins, six of them Critical and two rated as Important. Hot on the heels of the last round of patches for the year hitting Windows Update, the December 2008 Security Release ISO Image went live on the Microsoft Download Center. Via the Security Release ISO Image for the current month, the software giant is providing a single package for all the security updates designed for its Windows client and server operating systems, including Windows Vista Service Pack 1 and Windows XP Service Pack 3.
“As far as vulnerability counts go, this is the largest patch release since Microsoft started the ‘Patch Tuesday’ program back in late 2003. The release contains eight bulletins covering 28 vulnerabilities,” Symantec’s Robert Keith revealed.
“Of those issues, 23 are rated ‘Critical’ and affect Word, Outlook, Internet Explorer, Visual Basic ActiveX controls, GDI, Windows Search, and Excel. All of the ‘Critical’ issues this month require some sort of user interaction, whether visiting a Web page that contains malicious content or viewing a malicious file. The remaining issues affect GDI, Windows Search, SharePoint, and Windows Explorer; they range in importance from ‘Important’ to ‘Moderate.’” Read More»
Posted in Windows Vista, Windows XP | 1 Comment »
December 07, 2008 by
Jason
For Firefox users, Windows Update usually becomes the only time we are forced to run Internet Explorer. But it doesn’t have to be that way.
Since Windows Update requires an ActiveX control in order to run, it’s impossible to exclude Internet Explorer completely, so you will need to install IETab first, the magical Firefox extension that lets you open a web page with Internet Explorer within Firefox in a couple of clicks.
Once it is installed, you will need to replace the Windows Update shortcut in the All Programs menu. To do this:
- Press Start. Select All Programs.
- Right-click on Windows Update menu item and select Properties.
- In the properties window, enter “C:\Program Files\Mozilla Firefox\firefox.exe” http://update.microsoft.com in the Target field. Make sure you enter the correct path for your Firefox install and if the path contains any blank space, enclose the path in double quotes. Read More»
Posted in Firefox | No Comments »
September 01, 2008 by
Jason While rival browser makers Mozilla and Opera have launched the latest iterations of their products, Firefox 3.0 and respectively Opera 9.5, as early as June 2008, Microsoft is still in the development phase of Internet Explorer 8, the successor of IE7. August 27 marked the delivery of IE8 Beta 2, a deadline absurdly safeguarded by Microsoft, with the company only managing to confirm a release by the end of this month, and taking its due time when it came down to making available the bits for the browser second development milestone. Internet Explorer 8 is still far from the finish line, reportedly planned for November 2008, but Beta 2 feels more like a browser version ready for wrap-up than Beta 1.
The reason for this is the fact that, in comparison with the March 2008 release of IE8, the second Beta is packed with features and functionality aimed at the home and business users, on top of what has already been available to IT professionals and web content developers and designers. In this regard, IE8 Beta 1 was more of a skeleton on which Microsoft built Beta 2. Now, although Microsoft is not touting IE8 Beta 2 as a feature-complete version, it is clear that the Redmond company will move further only with the process of fine-tuning the browser got with Release to Web (RTW). Read More»
Posted in Internet | 2 Comments »
February 06, 2008 by
Jason Microsoft’s Internet Explorer is without a doubt the main vector of attacks, when it comes down to web-based threats. Its ubiquity, as well as its intimate integration into the Windows platform, makes it an excellent avenue for attacks. With IE6, Microsoft has gained an ill reputation for failing dramatically to protect end users. From IE6, which undoubtedly is an apex of insecurity compared to alternative browsers, the Redmond company moved to Windows Vista and Internet Explorer 7 under User Account Control, virtually cutting the browser from the critical areas of the operating system. Web-based attacks coming via IE7 in Protect Mode will not be able to write themselves to disk without specific user permission, because the browser runs with the very least possible privileges. Read More»
Posted in Internet | No Comments »
December 20, 2007 by
Jason Since ActiveX applies only to the Windows platform, it is unsuitable for Firefox which is available across multiple platforms. Currently, there is no mechanism by which you can use ActiveX controls in Firefox 2.0 or later.
Until recently, a third-party plugin provided ActiveX functionality for Firefox. The Mozilla ActiveX Plug-in provided partial ActiveX support for Firefox 1.5 and earlier versions. By default, these ActiveX plugins were configured to execute only the two Windows Media Player ActiveX controls, which enabled the playback of video content through the Windows controls. There is a configuration file that can be used to enable other ActiveX controls. Read More»
Posted in Firefox | 4 Comments »
December 12, 2007 by
Jason Here is your chance to set Internet Explorer free! You will be able to do so, not only for Internet Explorer 7 in Windows XP SP2, Windows Server 2003 and Windows Vista, but also for the previous version IE6 on XP and 2003. Starting this month, users can strip the Microsoft browser of the “click to activate” behavior. The intermediary “Click to Activate” control setting of the browser was introduced as a consequence of the legal dispute between Microsoft and Eolas Technologies, over the patent governing the Automatic Component Activation technology built into Internet Explorer.
Following a settlement between the company and Eolas, Microsoft promised to alter the IE
ActiveX Update, in order to modify the way that the browser dealt with embedded controls on specific pages. Back at the beginning of November, Pete LePage, IE Senior Product Manager, promised the delivery of the Internet Explorer update concomitantly with the Release Candidates for Windows Vista SP1 and Windows XP SP3. And now, the IE Automatic Component Activation Preview is available for download. Read More»
Posted in Internet | 3 Comments »
ActiveX controls, just like any other example of binary software, tend to evolve. This growth is of course intimately connected with updates introduced to either add new functionality or features, or simply to patch security vulnerabilities. Marc Silbey, IE Program Manager and Steve Herndon, Silverlight Lead Program Manager, have managed to come out with a three step guideline illustrating the best practices associated with ActiveX controls updating. It all starts with making detection logic an integer part of the ActiveX control. Additionally, developers also have to take into account the fact that IE7 in Vista runs by default in Protected Mode, and not automate the update to the point where the user is completely taken out of the equation. Read More»
Posted in Internet, Windows Vista | 1 Comment »
Loading ...
