Slashdot Mirror


Another Critical Microsoft Hole

gmuslera writes "As if the recent vulnerability in IE that can run any program on an unpatched Windows system was not enough, now there is another one, related to an ActiveX control, that can make IE and IIS run any code on the system. The Microsoft solution? Kill the related ActiveX control and replace it with a safe one. The Microsoft problem? As this control is Microsoft signed, any site can require it, upload it and replace the "good" one with the vulnerable one. The final recommendation from Microsoft? Don't trust/run ActiveX controls signed by Microsoft." Gimble points to the appropriate locations on Microsoft's website: "Another buffer overrun (that allows arbitrary code to be run) has been admitted to by MS, and it affects IIS and IE on clients (but not on XP), and they have a patch available here: Security Hotfix for Q329414. The kicker is that a patched system can be rendered vulnerable again by a hostile web site or HTML email. The 'solution' from MS in Microsoft Security Bulletin MS02-065 recommends that you remove MS from the list of Trusted Publishers."

1 of 597 comments

  1. Re:Sound Advice by Anonymous+Custard · Score: 2, Flamebait

    Let's hope the US Government gets it. ..."Microsoft seeks government partnership"

    If, like me, you're not pleased with the current (and soon to be Republican-dominated) government, you might want to do this: Encourage the government to join up with MS for a two-year contract, and make it a very visible decision. Then, furtively encourage hackers to fsck with all the new security holes in the governmental systems, in ways that do not directly hurt anyone but cause public outrage by privacy breaches, scandal exposures, and whatever else. Then, when elections come around, everyone will vote the Republicans out, we can all get the new government to switch away from MS, and all will be fine in the world of tech and politics. :-)