| Top
Security News |
UK
Teen Gets Away with DoS Attack
A teenager in the UK charged with
initiating a denial-of-service
(DoS) attack against a former
employer, was found not guilty
and allowed to go free...
IM
Threats Up 1500%
Instant messaging (IM) security
entity IMLogic released new figures
on Tuesday detailing the onslaught
on instant messengers by hackers...
|
|
|
|
|
Microsoft's patching has had an incredible run of bad luck lately because they appear to be doing as much damage as they're preventing. The last two security releases, in August and October, Microsoft said might cause ActiveX controls and Java not to work properly on some websites.
Editor's Note: Do you think Microsoft
needs a new seamster for its patches? Tell us what you
think at the Security Forum in WebProWorld.
 In
three updated security bulletins, Microsoft goes into
some detail about how updates MS05-038 (August) and MS05-052
(October) create real problems with some websites. The
ActiveX
issue comes from the October update. Web pages containing
an ActiveX control do not load as expected. The bulletin
also says users may get an error message when they try
to Add/Remove Programs in the Control Panel.
To fix the problem, subkeys need to be added to the registry.
Altering the registry isn't something to be done by novices either. One
wrong step and you're reloading Windows.
The other problem,
from the August patch is tied to Java. With this particular issue, when
you view a web page that contains a moniker, the web page may not work
as expected, particularly those with Java monikers. The answer means
that custom monikers are no longer enabled. Custom monikers are used
reference and create instances of an ActiveX control or run code.
Microsoft offers solutions to both sets of problems on their
website. Now the August update requires some registry alteration as
well as disabling an implemented security change. One can screw up your
computer royally and the other could leave you open for someone else to
screw up your computer royally. In either case, "you go SQEESH just like grape."
Microsoft has had real problems with their patches lately.
Another patch is due out Tuesday with the announcement out sometime
today. One can only hope this new patch will be a lot nicer than the
last two.
Discuss at WebProWorld.
About
the Author:
John Stith is a technology writer with SecurityProNews. |
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
