Time: 10:51 EST/15:51 GMT | News Source: Microsoft | Posted By: Todd Richardson

ADODB.Stream provides a method for reading and writing files on a hard drive. This by-design functionality is sometimes used by web applications. However, when combined with known security vulnerabilities in Microsoft Internet Explorer, it could allow an Internet web site to execute script from the Local Machine Zone (LMZ). This occurs because the ADODB.Stream object allows access to the hard drive when hosted within Internet Explorer.

#1 By Halcyon-X12 (4929 Posts) at 7/2/2004 11:03:09 AM

This guarantees that people will be visiting Windows Update today. It's good to see that Microsoft is sending out the patches to fix Internet Explorer. Hopefully there are more on the way.

#2 By diaphanein (323 Posts) at 7/2/2004 12:40:53 PM

You know what'd be a really nice feature for IE? To disable all external components, i.e. COM, ActiveX, Java, Flash, and then be able to enable them on a site-by-site basis.

#4 By Halcyon-X12 (4929 Posts) at 7/2/2004 5:06:14 PM

Awesome! There are a ton of patches which require you to reboot and cause downtime... I'm glad this one can help avoid that situation.
#2, True, the security zones isn't a very efficient system because you can't define your own zones and their context.

#5 By stubear (574 Posts) at 7/2/2004 5:44:58 PM

#2, You can do that already by setting the IE Internet security zone settings to high then add sites you know to be OK to your Trusted security zone one at a time.

#6 By Halcyon-X12 (4929 Posts) at 7/2/2004 6:16:18 PM

Hmm that's a good idea. Too bad it isn't possible to just turn off ActiveX and use Netscape plugins.

#7 By Mr. Dee (3459 Posts) at 7/2/2004 7:19:32 PM

This should have been fixed in XP SP2, it's one of the old bugs.

#8 By Parkker (1408 Posts) at 7/2/2004 8:00:37 PM

"Too bad it isn't possible to just turn off ActiveX "
I have ActiveX and Java turned off.
By the way, just a reminder. If you haven't updated Java recently on your PC, any website can choose to do anything to your PC.

#9 By Phaedrus (2660 Posts) at 7/2/2004 8:07:16 PM

I'm going to have to agree with you #2, it would be great if you could turn it all off. I really don't need all sorts of flashing, swirling automatically downloaded just on the web pages I look at. I prefer it to be a nice clean website that has the information that I want.

#10 By Halcyon-X12 (4929 Posts) at 7/2/2004 9:20:03 PM

Yeah but you can't visit very many sites without IE complaining about ActiveX being shut off, and you have to actually go through the trouble of turning it on for certain sites, etc.
The browser should just work.

#11 By Mr. Dee (3459 Posts) at 7/2/2004 10:30:23 PM

I agree with #2, too, but those are things that make it so popular among developers and general users. It's like giving up fast food to stop your outbreak of acne.

#12 By Parkker (1408 Posts) at 7/2/2004 11:29:39 PM

"Yeah but you can't visit very many sites without IE complaining about ActiveX being shut off, and you have to actually go through the trouble of turning it on for certain sites, etc."
Very few sites cause IE to complain. I don't worry about it. Java and ActiveX are really only safe within a corporate environment where you really trust the site.
I NEVER turn either. I just don't go to sites that need Java or ActiveX.

#13 By Halcyon-X12 (4929 Posts) at 7/3/2004 12:50:56 AM

Well I won't really worry about it, I'm not using IE! I agree though that Java and ActiveX are both annoying to even have on sites and I'd much rather browse sites without these, but it's annoying when you want to watch a video or a flash thing to have to go through options and change this. There are also annoying websites that insist you have this garbage turned on before you enter their web site. What's up with that?

#14 By Mr. Dee (3459 Posts) at 7/3/2004 2:54:44 AM

Macromedia Flash is another one that gets on my nerves sometimes too.

#15 By Halcyon-X12 (4929 Posts) at 7/3/2004 3:29:46 AM

With Firefox you can get an extension that shows a (Play) button in place of any flash plugin elements. When you click the button you see the flash, but otherwise you see an unobtrusive button. It really calms a lot of pages down!

#16 By Mr. Dee (3459 Posts) at 7/3/2004 6:00:17 AM

I think Mozilla is doing just fine when it comes to that.

#17 By Mr. Dee (3459 Posts) at 7/3/2004 8:57:10 AM

I really like the Firefox and Thunderbird icons though. Well, I this patch is part of Windows updates that is downloaded automatically, because the little globe has popped up in my system tray.

#18 By lketchum (3260 Posts) at 7/3/2004 11:54:19 AM

Oh Boy....
Look, ActiveX is just a COM Client. It is one [and I think good] method of remote invocation [it was designed to allow for code validation and signing]. Any method of RMI - CORBA, Java RMI, DCOM, etc... has its vulnerabilities - a lot of them. If you think ActiveX is bad...well, please look at SUN RPC on 111 before you comment or the comments opposite Mozilla, which is a huge part of Firefox...
The update provided yesterday adjusts how such remoting is handled within the LMZ on a system. It is very similar to the many changes made opposite the handling of ActiveX controls [COM Cliency] in XP SP2 and W2K3, its SP1 and later, its R2.
Two things, 1) Set up whatever profile/configuration you like in W2K and XP - once set up, create a new user with limited rights on the LMZ. Copy the profile you created over the new limited user; verify that the new user is restricted and run as that user, only. If you need to install SW, use the "RUN AS" option - in other words, control your machine and take ownership of it. Either that, or use RUN AS each time you want to install SW and simply run as a restricted user - or wait around for MS to hold your hand and release SP2...
2) Look real hard at just how bad Mozilla and Firefox are from a security standpoint - for that matter, Minuces and Linuces, too and at just how many are rooted to the hilt - it is a lot easier than you think - particularly since the source is open and essentially always has been.
The USNSA has warned all in Govt. about this for years, and even released its own hardened version to offset native vulnerabilities. The truth is, MS writes the most secure code available - despite the noise we all hear. I will say only this...there are a great number of professionals very glad that so many blindly put their faith in such systems. Thanks for the ear.

#19 By Mr. Dee (3459 Posts) at 7/3/2004 1:28:32 PM

Wow, you seem to know a lot about this stuff, #18.

#20 By Halcyon-X12 (4929 Posts) at 7/3/2004 7:10:15 PM

Isn't this a little over-complicated? It's not a very intuitive solution for the problem.

#21 By lketchum (3260 Posts) at 7/3/2004 7:42:30 PM

Hi, #20...not complicated at all. The reality is that MS has sought to make running a powerful multi-purpose/multi-user computer [indeed computing environment], very easy - the process is referred to as producing "Discoverable" software, or software that is intuitive enough to use that known start points and known end points are easily discoverable and supported by task based interfaces. That is all well and good and as it should be; however, modern systems, which face the public networks and Internet are production systems. Such systems require the same care as any production system and very likely more.
The choices are two - either run as a restricted user after having set your system up, and limit access [in and out-bound] to only those ports needed, or run as essentially root and take your chances.
Very obviously, most people are not going to accept even modest inconveniences - they'll run wide open as the administrator/root. So, MS will address most of it for them and soon add NX technologies that negate both buffer and stack over-flow vulnerabilities. Criminals will then go back to where they once pretty much stayed - the Unices, Minuces and now, Linuces - BTW, they laugh their tails off at all the well intentioned, but under-trained advocates of OSS - most are setting up very nice sources for them... We...we'll just keep doing what we do, and make it very hard on them. If you all knew the truth - the real truth, you'd know just how good MS has been and is, and also just how wrong many others are. Anyone remember when Mozilla tried to get rid of all Operating Systems and departed from standards? That BTW, is what killed Netscape, not IE and not MS. Thanks for the ear.