| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Critical Update for Microsoft Data Access Components - Disable ADODB.Stream object from Internet Explorer (KB870669) | |
|
||
| Time: 10:51 EST/15:51 GMT | News Source: Microsoft | Posted By: Todd Richardson | ||
|
Adodb.stream provides a method for reading and writing files on a hard drive. This by-design functionality is sometimes used by web applications. However, when combined with known security vulnerabilities in Microsoft Internet Explorer, it could allow an internet web site to execute script from the Local Machine Zone (LMZ). This occurs because the ADODB.Stream object allows access to the hard drive when hosted within Internet Explorer. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 305 Last | Next |
The time now is
5:31:50 PM
ET.
Any comment problems? E-mail us |
| #1 By 23275 (68.17.42.38) at 7/2/2004 1:38:11 PM |
|
The patch that is now available has been tested and deployed on XP, W2K and W2K3 systems and does not require a restart.
A direct download for any system struggling with WU is located here, http://www.microsoft.com/downloads/details.aspx?FamilyID=4D056748-C538-46F6-B7C8-2FBFD0D237E3&DisplayLang=en |
| #2 By 23275 (68.17.42.38) at 7/3/2004 11:54:19 AM |
|
Oh Boy....
Look, ActiveX is just a COM Client. It is one [and I think good] method of remote invocation [it was designed to allow for code validation and signing]. Any method of RMI - CORBA, Java RMI, DCOM, etc... has its vulnerabilities - a lot of them. If you think ActiveX is bad...well, please look at SUN RPC on 111 before you comment or the comments opposite Mozilla, which is a huge part of Firefox... The update provided yesterday adjusts how such remoting is handled within the LMZ on a system. It is very similar to the many changes made opposite the handling of ActiveX coontrols [COM Cliency] in XP SP2 and W2K3, its SP1 and later, its R2. Two things, 1) Set up whatever profile/configuration you like in W2K and XP - once set up, create a new user with limited rights on the LMZ. Copy the profile you created over the new limited user; verify that the new user is restricted and run as that user, only. If you need to install SW, use the "RUN AS" option - in other words, control your machine and take ownership of it. Either that, or use RUN AS each time you want to install SW and simply run as a restricted user - or wait around for MS to hold your hand and release SP2... 2) Look real hard at just how bad Mozilla and Forefox are from a security standpoint - for that matter, Minuces and Linuces, too and at just how many are rooted to the hilt - it is a lot easier than you think - particularly since the source is open and essentially always has been. The USNSA has warned all in Govt. about this for years, and even released its own hardened version to offset native vulnerabilities. The truth is, MS writes the most secure code available -despite the noise we all hear. I will say only this...there are a great number of professionals very glad that so many blindly put their faith is such systems. Thanks for the ear. |
| #3 By 23275 (68.17.42.38) at 7/3/2004 7:42:30 PM |
|
Hi, #20...not complicated at all. The reality is that MS has sought to make running a powerful multi-purpose/multi-user computer [indeed computing environment], very easy - the process is referred to as producing "Discoverable" software, or software that is intuitive enough to use that known start points and known end points are easily discoverable and supported by task based interfaces. That is all well and good and as it should be; however, modern system, which face the public networks and Internet are production systems. Such systems require the same care as any production system and very likely more.
The choices are two - either run as a restricted user after having set your system up, and limit access [in and out-bound] to only those ports needed, or run as essentially root and take your chances. Very obviously, most people are not going to accept even modest inconveniences - they'll run wide open as the administrator/root. So, MS will address most of it for them and soon add NX technologies that negate both buffer an stack over-flow vulnerabilities. Criminals will then go back to where they once pretty much stayed - the Unices, Minuces and now, Linuces - BTW, they laugh their tails off at all the well intentioned, but under-trained advocates of OSS - most are setting up very nice sources for them... We...we'll just keep doing what we do, and make it very hard on them. If you all knew the truth - the real truth, you'd know just how good MS has been and is, and also just how wrong many others are. Anyone remember when Mozilla tried to get rid of all Operating Systems and departed from standards? That BTW, is what killed Netscape, not IE and not MS. Thanks for the ear. |
| #4 By 2834353 (192.200.105.220) at 10/16/2014 8:52:58 PM |
|
http://www.wmthea.co.uk/nike-air-max-90-ice-c-36/ air max 90 ice
http://www.logosa.co.uk/ nike blazers http://www.buyairjordan1.co.uk/nike-sb-c-11/ nike stefan janoski http://www.adstock.org.uk/ nike roshe run women http://www.nbasiet.co.uk/ toms shoes uk http://www.mnshi.co.uk/ new balance trainers sale http://www.kobjd.co.uk/ nike air yeezy uk http://www.astrainers.org.uk/nike-free-50-c-43/ nike free 5.0 http://www.wmthea.co.uk/ nike air max uk http://www.prezzor.it/ ray ban occhiali http://www.freeog.fr/ nike free run http://www.roshev.es/ vans baratas http://www.max87f.es/ nike running mujer http://www.runforce.es/zapatillas-2014-c-3/ nike free run 2 mujer http://www.mnshi.co.uk/mizuno-wave-c-15/ mizuno running shoes sale http://www.wmthea.co.uk/nike-air-max-thea-c-34/ air max thea womens http://www.roshev.es/salomon-hombre-c-18/ salomon speedcross 3 cs http://www.freeog.fr/nike-roshe-run-c-7/ nike roshe run femme |
|
Write Comment
Return to News |
Displaying 1 through 25 of 305 Last | Next |
The time now is
5:31:50 PM
ET.
Any comment problems? E-mail us |
