Microsoft Offers Patches To Ward Off Activex Attacks

[Peaches]

July 28, 2009 11:04 AM PDT

Microsoft offers patches to ward off ActiveX attacks

by Elinor Mills

Microsoft released an emergency patch on Tuesday to protect Internet Explorer users from a hole in technology used to build ActiveX controls and other Web application components that has been targeted in attacks.

A critical patch for all versions of IE will protect consumers, while a security update for Visual Studio will help developers fix the controls and components they built that could be affected.

Microsoft also has had discussions with Adobe, Sun, and Google about some components involving their software that are affected, said Mike Reavey, director of the Microsoft Security Response Center. He declined to elaborate.

Internet Explorer users running Flash Player and Shockwave Player are vulnerable, Adobe said in a blog post that contains links to the Adobe security bulletins for those products.

A Google spokesman said the company has been working with Microsoft on the issues but declined to comment further. And a Sun spokesperson did not respond to a call seeking comment.

Cisco will release free software updates for any of its software that is affected by the vulnerability and that there are workarounds that mitigate the issue, the company said in an advisory that has more details

CNet news - http://news.cnet.com/8301-27080_3-10297328-245.html