Microsoft Patch Tuesday: fixes for ActiveX, but make it quick

Users should update their Windows PCs immediately with Microsoft's latest patches, which became available yesterday.

The patches fix problems with ActiveX and require users to reboot their PC. Changebase, a company which specialises in application compatibility, tested the patches yesterday and reported that they should not cause IT departments any serious compatibility problems.

"With these very low numbers of issues for these nine security updates, the Changebase AOK team recommends that all these patches are rapidly deployed to a staging environment and then subsequently into production," the company said.

IT departments and end-users should update as soon as possible as the patches fix a number of critical flaws in Microsoft's ActiveX software plug-in architecture, which could be exploited by a hacker.

"All of the ActiveX issues patched this month could be easy to exploit and can impact even the average computer user," said Ben Greenbaum, senior research manager, Symantec Security Response. "For example, any user who has Microsoft Office on their machine could be vulnerable to the Microsoft Office web components vulnerabilities. Similarly, every user with Windows XP SP3 or Vista could also be susceptible to one of the remote desktop connection issues."

In a video discussing the patch update (see below), Symantec said Microsoft was likely to do more work in coming months to secure ActiveX.

Anti-virus security supplier McAfee warned that the most serious vulnerabilities addressed by the fixes could be exploited if a Windows user simply visits a malicious website or opens a rigged media file, which are common attack methods. The attacks typically involve booby-trapped websites and media files that load malicious code onto a vulnerable computer and make it part of a botnet or steal the user's private data, McAfee said.