Welcome to WebmasterWorld Guest from 54.166.222.116

Forum Moderators: bill

Message Too Old, No Replies

Microsoft To Patch ActiveX Control Issue With Tuesday Update

     
6:29 pm on Nov 12, 2013 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



That seems to me a swiftly repaired patch. Good stuff!

Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be distributed to customers tomorrow via Windows Update at approximately 10:00 AM PDT. Customers who have Automatic Updates enabled will not need to take any action to receive the update. Microsoft To Patch ActiveX Control Issue With Tuesday Update [blogs.technet.com]
1:05 am on Nov 13, 2013 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



That's a nasty ActiveX bug that is apparently being actively exploited if the reports are correct. Lots of zero-day exploits this month:

http://krebsonsecurity.com/2013/11/zero-days-rule-novembers-patch-tuesday/ [krebsonsecurity.com]

Zero-Days Rule November’s Patch Tuesday

Three of the eight patches that Microsoft released earned its most dire “critical” label, meaning the vulnerabilities fixed in them can be exploited by malware or miscreants remotely without any help from Windows users. Among the critical patches is an update for Internet Explorer (MS13-088) that mends at least two holes in the default Windows browser (including IE 11). MS13-089 is a critical file handling flaw present in virtually every supported version of Windows.

The final critical patch – MS13-090 — fixes essentially another IE flaw (ActiveX) that showed up in targeted attacks late last week. Microsoft says attackers used a second, “information disclosure” vulnerability in tandem with the ActiveX flaw, but that the company is still investigating that one. It noted that its Enhanced Mitigation Experience Toolkit (EMET) tool successfully blocked the ActiveX exploit.
2:03 pm on Nov 13, 2013 (gmt 0)

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Nice!
 

Featured Threads

Hot Threads This Week

Hot Threads This Month