ActiveX

IE11 で古いバージョンの Flash ActiveX コントロールのブロックを開始

2016 年 10 月 11 日 (米国日付) より、古いバージョンの ActiveX コントロールをブロックする機能を拡張し、古いバージョンの Adobe Flash Player が対象として含まれるようになります。この更新では、Web ページが以下のバージョンより古い Flash ActiveX コントロール (ただし、そのバージョンは含まない) を読み込もうとした場合に、警告が表示されるようになります。

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck

Today we’re publishing the November 2013 Security Bulletin Webcast Questions & Answers page.  The majority of questions focused on the ActiveX Kill Bits bulletin (MS13-090) and the advisories. We also answered a few general questions that were not specific to any of this month’s updates, but that may be of interest. We’ve discussed the Microsoft …

MBSA 2.3 and the November 2013 Security Bulletin Webcast, Q&A, and Slide Deck Read More »

ActiveX Control issue being addressed in Update Tuesday

Late last Friday, November 8, 2013, a vulnerability, CVE-2013-3918, affecting an Internet Explorer ActiveX Control was publically disclosed. We have confirmed that this vulnerability is an issue already scheduled to be addressed in “Bulletin 3”, which will be released as MS13-090, as listed in the November Advanced Notification Service (ANS). The security update will be …

ActiveX Control issue being addressed in Update Tuesday Read More »

August 2012 Bulletin Release

Security Advisory 2661254 – Update For Minimum Certificate Key LengthBefore we get into the details of this month’s bulletin release, let’s take a look at an important change on how Windows deals with certificates that have RSA keys of less than 1024 bits in length. We’ve been talking about this subject since June, and today …

August 2012 Bulletin Release Read More »

MS12-027: Enhanced protections regarding ActiveX controls in Microsoft Office documents

Security Update MS12-027 addresses a code execution vulnerability in MSCOMCTL.OCX, the Windows Common Controls ActiveX control. By default, this component is included with all 32-bit versions of Microsoft Office. We’d like to cover the following topics in this blog post: Limited, targeted attacks leveraging this vulnerability Mitigations in recent versions of Office to reduce the …

MS12-027: Enhanced protections regarding ActiveX controls in Microsoft Office documents Read More »

June 2010 Security Bulletin Release

Hi everyone, Today, as part of our regular monthly security bulletin release cycle, we released 10 bulletins to address 34 total vulnerabilities in Windows, Microsoft Office (including SharePoint), Internet Explorer (IE), Internet Information Services (IIS), and the .NET Framework. Only three of these bulletins get our maximum severity rating of Critical. The rest are rated …

June 2010 Security Bulletin Release Read More »

October 2009 Security Bulletin Release

Summary of Microsoft’s Security Bulletin Release for October 2009 This month, we released 13 new bulletins which address 33 vulnerabilities in Windows, Internet Explorer and Microsoft Office. Since we published this information in our advance notification (ANS) last Thursday, we have been asked “is this the most bulletins Microsoft has ever released”? The short answer …

October 2009 Security Bulletin Release Read More »

August 2009 Bulletin Release

Summary of Microsoft’s Security Bulletin Release for August 2009 Hi everyone, This month, we released nine security bulletins. Five of those are rated Critical and four have an aggregate severity rating of Important. Of the nine updates, eight affect Windows and the last one affects Office Web Components (OWC). It is also important to note …

August 2009 Bulletin Release Read More »

MS09-037: Why we are using CVE’s already used in MS09-035

MS09-035 was released July 28 to address vulnerabilities in the Visual Studio Active Template Library (ATL). A related security update, MS09-034, included a defense-in-depth Internet Explorer mitigation to help protect against attacks in vulnerable components. This morning, we released security bulletin MS09-037 to addresses the ATL vulnerabilities in several Windows components. MS09-037 contains the following …

MS09-037: Why we are using CVE’s already used in MS09-035 Read More »