Items tagged with ActiveX
We fully realize we are preaching to the choir, but never open up unsolicited and/or unexpected email attachments. Remind your friends and remind your family members. Lest anyone need a reminder of why this is a bad idea, security researchers are warning of a group of attackers who have been phishing for victims as part of a TrickBot malware campaign. The hackers are using the remote desktop ActiveX control in Word documents to carry out their malicious deeds. Once initiated on a Windows 10 PC, the ActiveX control automatically executes a malware downloader called Ostap, which was recently adopted by TrickBot for delivering payloads. And it all starts with phishing. Malicious actors send out...
Read more...
In case you missed it, Microsoft recently announced that its Internet Explorer browser will begin blocking out-of-date ActiveX controls starting September 9, 2014. This was originally supposed to go into effect tomorrow (August 12), though Microsoft decided to push things back a month to clear up customer confusion, and to give IT departments additional time to prepare. Microsoft wants to create a more secure browser, and since ActiveX controls are a popular means of entry for malware, blocking outdated ones altogether seems to be the safest bet in Redmond's mind. That might not be the case if ActiveX controls were regularly updated, but that doesn't always happen, making out-of-date ActiveX...
Read more...
Microsoft plans to fix a "browse-and-get-owned" vulnerability in its Video ActiveX Control when it releases software patches next week. The company acknowledged the vulnerability last week and is moving with uncharacteristic speed in issuing a fix for the problem. A second and similar vulnerability with Microsoft’s DirectShow was disclosed in May. It too will be fixed with Tuesday’s patches. According to Microsoft, both of the flaws affect older versions of Windows; Windows Vista and Windows Server 2008 users are not affected.In an advanced summary of its upcoming July 14 security patch, Microsoft said it plans to release six security bulletins on Tuesday. Three of these will be listed as critical...
Read more...
Are you as annoyed by some of the ActiveX controls you find on certain web pages, that give you a "Click to activate and use this control" message as many are?. It's soon to disappear. The issue first started with a dispute between Microsoft and Eolas Technology. Because of this, in April 2006, Microsoft made a modification to Internet Explorer. The message appeared on ActiveX controls that were directly embedded in HTML, rather than being injected via JavaScript.Next month, Microsoft will preview the modified Internet Explorer (IE) that eliminates the warning that's been popping up on screens when users select multimedia content, such as clicking on a link to a Flash file or...
Read more...
If you're running Intuit's popular QuickBooks Online Edition, the US Computer Emergency Readiness Team is warning you that your ActiveX controls might be stabbing you in the back,at least if you visit a malicious webpage. Computer Emergency Readiness Team? That's what CERT stand for? Are they like code ninjas? Does someone project an html signal onto a cloud at night to summon them? Never mind. Fix your ActiveX controls. The vulnerabilities, rated “highly critical” by Secunia, can be exploited by a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. “By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML...
Read more...
