Microsoft Patch Tuesday: fixes for ActiveX, but make it quick
Users should update their Windows PCs immediately with Microsoft's latest patches, which became available yesterday.
The patches fix problems with ActiveX and require users to reboot their PC. Changebase, a company which specialises in application compatibility, tested the patches yesterday and reported that they should not cause IT departments any serious compatibility problems.



"With these very low numbers of issues for these nine security updates, the Changebase AOK team recommends that all these patches are rapidly deployed to a staging environment and then subsequently into production," the company said.
IT departments and end-users should update as soon as possible as the patches fix a number of critical flaws in Microsoft's ActiveX software plug-in architecture, which could be exploited by a hacker.
"All of the ActiveX issues patched this month could be easy to exploit and can impact even the average computer user," said Ben Greenbaum, senior research manager, Symantec Security Response. "For example, any user who has Microsoft Office on their machine could be vulnerable to the Microsoft Office web components vulnerabilities. Similarly, every user with Windows XP SP3 or Vista could also be susceptible to one of the remote desktop connection issues."
In a video discussing the patch update, Symantec said Microsoft was likely to do more work in coming months to secure ActiveX.
Anti-virus security supplier McAfee warned that the most serious vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious website or opens a rigged media file, which are common attack methods. The attacks typically involve booby-trapped websites and media files that load malicious code onto a vulnerable computer and make it part of a botnet or steal the user's private data, McAfee said.