Microsoft Patch Tuesday: fixes for ActiveX, but make it quick

Users should update their Windows PCs immediately with Microsoft's latest patches, which became available yesterday.

The patches fix problems with ActiveX and require users to reboot their PC. Changebase, a company which specialises in application compatibility, tested the patches yesterday and reported that they should not cause IT departments any serious compatibility problems.

Download this free guide

From forensic cyber to encryption: InfoSec17

Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

"With these very low numbers of issues for these nine security updates, the Changebase AOK team recommends that all these patches are rapidly deployed to a staging environment and then subsequently into production," the company said.

IT departments and end-users should update as soon as possible as the patches fix a number of critical flaws in Microsoft's ActiveX software plug-in architecture, which could be exploited by a hacker.

"All of the ActiveX issues patched this month could be easy to exploit and can impact even the average computer user," said Ben Greenbaum, senior research manager, Symantec Security Response. "For example, any user who has Microsoft Office on their machine could be vulnerable to the Microsoft Office web components vulnerabilities. Similarly, every user with Windows XP SP3 or Vista could also be susceptible to one of the remote desktop connection issues."

In a video discussing the patch update (see below), Symantec said Microsoft was likely to do more work in coming months to secure ActiveX.

Anti-virus security supplier McAfee warned that the most serious vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious website or opens a rigged media file, which are common attack methods. The attacks typically involve booby-trapped websites and media files that load malicious code onto a vulnerable computer and make it part of a botnet or steal the user's private data, McAfee said.