Microsoft 'targeting' Tuesday for ActiveX fix
Friday, July 10, 2009
Microsoft plans to issue a total of six security bulletins in the monthly security update for Tuesday, July 14, including three critical flaws in Windows. The company did not say if the update will fix two critical Windows flaws that have been exploited in the wild.
The company said software engineers have been working "around the clock" to produce an update for the vulnerability in the Microsoft Video ActiveX Control, about which the company notified users on Monday. Microsoft is "targeting" a patch for that flaw for Tuesday.
Microsoft's Mike Reavey defended the company's decision not to inform users earlier of the ActiveX flaw, which IBM researchers warned the company about in spring 2008.
In a blog post yesterday at the Microsoft Security Response Center, Reavey said an exploit for the flaw was not discovered until recently, well after the company began its investigation.
"For any issue that is reported to us, we strive to address not only the vulnerabilities brought to us but also to find any similar or related issues to ensure the update provides as comprehensive security as possible," Reavey said.
Microsoft is also working on a fix for a flaw in DirectX - the Windows subsystem used for streaming video - which hackers have exploited using malicious QuickTime video files.
Related News:
Conficker still a threat to web security - 3.18.2010
The Conficker worm was by far the most notorious piece of malware in 2009 for several reasons. Not only did it receive media attention and infect more computers than any other strain, according to Katonda, a business technology website, it reminded web security professionals of bygone days when major epidemics were the norm.
Network security update not responsible for crashes - 2.24.2010
Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update.
Botnets and Chuck Norris take aim at network security - 2.22.2010
Last week, word spread of the Kneber botnet compromising more than 2,000 computers worldwide. With the start of a new week comes more malware attacks plaguing the web community. The so-called "Chuck Norris" botnet is attacking routers and DSL modems by guessing commonly used passwords.
Web security company warns of scareware's risk - 2.19.2010
The rise in scareware attacks and cyber criminal behavior in general forced DynaSis, an IT services company, to issue a warning to its users about the threat of fake anti-virus software infecting their computers on Friday.
Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.
|
