
ActiveX update stars in Patch Tuesday critical quintet

Microsoft released five critical patches on Tuesday as part of its latest Patch Tuesday update. The release also included three bulletins over security flaws rated by Redmond as "important". The worst of the quintet is a flaw in ActiveX. This update also includes a kill bit for the Yahoo! Music Jukebox product, the topic of a …

COMMENTS

This topic is closed for new posts.

Vista Advanced Security...

So many reviews on Vista will always fall back to the OS' enhanced security and conclude that, if indeed there is ANY reason to move on to using Vista, it would be to take advantage of this enhanced and much better security than XP can provide.

'Vista is as affected by these critical bugs as XP.'

Well, I think that one line quoted from the article says it all really.

Who needs such great security?


I particularly liked...

...the update to ensure future updates install properly. Very useful description :)

Not sure why these updates weren't included in SP1 really (well, I understand that one not being, as it's one of the pre-SP1 fixes). It's not officially been pushed out yet, so I didn't expect to get all of these.


The OS is secure. The apps are Swiss cheese.

Reminds me of that pwn2own contest last week. No-one even bothered to attack the three machines on day 1 when they were only allowed to target the OS. As soon as applications were fair game, the machines started to fall. The Windows box finally succumbed to some sort of flash exploit.

Fast forward one week, we find Adobe patching a flash vulnerability and Microsoft "conceding" that their ActiveX problem affects Vista as much as XP. Hmm. That would be because it runs the offending control. I expect Linux/WINE is equally affected if you can find an app to host the control for you.

It's time to move the flame wars to a new battle ground. The big security holes are not in the OS anymore. They're in the apps, and Adobe should be worrying about whether they are the new Microsoft.


@Ken Hagen

From the article:

"... The ISC reckons a flaw that leaves Windows DNS clients vulnerable to spoofing because of entropy in a random number generator is better thought of as critical.

It also considers an input validation vulnerability in the windows kernel that allows privilege escalation..."

You might want to rethink that comment Ken :o)


@Robert Harrison

"It also considers an input validation vulnerability in the windows kernel that allows privilege escalation..." for which

"An attacker must have valid logon credentials and be able to log on locally to a vulnerable system in order to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users."

Which is why it isn't a critical update, because Critical is reserved for "A vulnerability whose exploitation could allow the propagation of an Internet worm without user action."

Mine's the beige one, and off to The Pedant Arms for a pint


@AC

"Which is why it isn't a critical update, because Critical is reserved for "A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.""

I don't disagree with you, however my point that it's an OS vulnerability and not an App-related one remains (and perhaps exploitable at a publicly accessible terminal/kiosk) :o)

Cheers.


Vista sucks...official

Ken I couldn't disagree with you more.

Of course it is a problem with the operating system?!

It's so blindingly obvious that there's no need to waste time trying to explain it further...it's all there in the article.

I find it strange that you should think the way you do.

Are you a Vista developer?
