ActiveX Security Change Released by Microsoft

By Roger on July 2, 2004 10:25 AM |

Microsoft today released a configuration change that addresses the recent malicious attack against IE known as Download.Ject.

This configuration change disables an ActiveX control known as adodb.stream. Disallowing this functionality prevents an attacker from placing malicious code on a PC hard drive and will prevent the Download.Ject attack. It can be downloaded from www.microsoft.com/downloads/details.aspx?FamilyId=4D056748-C538-46F6-B7C8-2FBFD0D237E3&displaylang=en

In addition, KB article 870669, provides information to implement this change manually: http://support.microsoft.com/default.aspx?kbid=870669.

This change has the potential to effect legit apps that use ADODB.Stream functionality. The KB article does show how to role back the change if you find that it effects your corporate applications.

For more information on the Download.Ject attack: http://www.microsoft.com/downloadject.

Categories

Microsoft

About this Entry

This page contains a single entry by Roger published on July 2, 2004 10:25 AM.

Comcast's smtp disconnects ineffective was the previous entry in this blog.

George Gardiner - News Flash is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search