
ActiveX Control vulnerability considered serious

Cyber Secure Institute : 10 July, 2009  (Technical Article)
The Cyber Secure Institute condemns Microsoft for not releasing a patch soon enough to prevent damage through an ActiveX control vulnerability.
Rob Housman, Executive Director of the Cyber Secure Institute, has released a statement concerning Microsoft's Security Advisory 972890 regarding a serious vulnerability in its Video ActiveX Control, which could allow a hacker to take total control of a user's computer:

With this ActiveX security flaw, if a user visits certain websites and uses the ActiveX Control system, the vulnerability allows the hacker to take control and become the main user on the personal computer—in essence they own you, or at least your computer and your data. Not only can a hacker have total access to all the data on the computer, but the hacker can use your computer for a host of malicious purposes. Because of the widespread use of Internet Explorer and ActiveX on Microsoft operating systems, this vulnerability puts at risk untold numbers of computers.

This advisory, however, is unique in that it was not accompanied by an update, or actual patch, to fix the vulnerability. Instead, Microsoft has advised customers to use the "workaround section" to stop support of ActiveX in Internet Explorer. That Microsoft would go out with this vulnerability even without an update shows the high degree of risk here. Moreover, it shows the overall level of vulnerability inherent in today's IT environment.

Sadly, news of yet another serious vulnerability is not surprising. We have come to expect them in a world where cybersecurity is dependent upon inherently insecure IT systems. In fact, we face vulnerabilities like this one so regularly that even this serious and unfixed "Browse Slave" vulnerability barely makes the news.

We have to break this cycle. We have to stop relying on the old hack-and-patch. We need to focus on deploying new technologies that are inherently secure—technologies that are, in fact, certified secure against the types of threats we face today. Certified, inherently secure technologies, like those of Integrity Global Security and Tenix, need to be the basis of this paradigm shift. Until we do that, expect the Institute's next Hack-and-Patch Digest shortly.
   © 2012 ProSecurityZone.com