CATEGORIES
home News

Browse And Get Owned Patch Coming Tuesday

by Jennifer JohnsonFriday, July 10, 2009, 06:56 PM EDT
Microsoft plans to fix a "browse-and-get-owned" vulnerability in its Video ActiveX Control when it releases software patches next week. The company acknowledged the vulnerability last week and is moving with uncharacteristic speed in issuing a fix for the problem. A second and similar vulnerability with Microsoft’s DirectShow was disclosed in May. It too will be fixed with Tuesday’s patches. According to Microsoft, both of the flaws affect older versions of Windows; Windows Vista and Windows Server 2008 users are not affected.

In an advanced summary of its upcoming July 14 security patch, Microsoft said it plans to release six security bulletins on Tuesday. Three of these will be listed as critical updates for Windows; one of them affects Windows Vista and Windows Server 2008. There will also be an important update for Publisher, an important update for Internet Security and Acceleration (ISA) Server, and an important update for Virtual PC and Virtual Server.



According to Jerry Bryant, senior security program manager at Microsoft, Microsoft is aware of limited attempts to exploit the DirectShow vulnerability. Trend Micro and Websense have found evidence to show that the ActiveX flaw is actively being exploited on Web sites in China. “Around 967 Chinese websites are reported to be infected by a malicious script that leads users to successive site redirections and lands them to download a .JPG file containing the exploit.” wrote Roland Dela Paz, a Trend Micro security engineer, in a blog post.
Tags:  Microsoft, security, Windows, patches, ActiveX, DirectShow
Jennifer Johnson

Jennifer Johnson

Jennifer grew up around technology. From an early age, she was curious about all things related to computers. As a child, Jennifer remembers spending nights with her dad programming in BASIC and taking apart hard drives to see what was inside. In high school, she wrote her senior term paper on her experiences with building custom computers.

Jennifer graduated from the Jeffrey S. Raikes School of Computer Science and Management at the University of Nebraska at Lincoln. After college, she began writing full-time for various PC and technology magazines. Later, she transitioned to the Web. In these roles, Jennifer has covered a variety of topics including laptops, desktops, smartphones, cameras, tablets, and various consumer electronics devices. When she's not playing with or writing about the latest gadget, Jennifer loves to spend time with her family, capture memories with her camera, and scrapbook.

Opinions and content posted by HotHardware contributors are their own.

TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2026 Hot Hardware Inc, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment