Internet Explorer (IE) – Page 16 – Microsoft Security Response Center

MS08-041 : The Microsoft Access Snapshot Viewer ActiveX control

Security Research & Defense / By swiat / August 12, 2008 June 20, 2019

MS08-041 fixes a vulnerability in the Microsoft Access Snapshot Viewer ActiveX control. It’s an interesting vulnerability so we wanted to go into more detail about platforms at reduced risk and also more about the servicing strategy for this vulnerability. Windows Vista at reduced risk? We first heard about this vulnerability from customers sending in reports …

MS08-041 : The Microsoft Access Snapshot Viewer ActiveX control Read More »

The IE8 XSS Filter

Security Research & Defense / By swiat / July 2, 2008 June 20, 2019

Hello, our team and IE have recently collaborated on a new IE8 feature that was announced today – the XSS Filter. Check it out here: http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx This effort demonstrates our commitment to helping our product teams benefit from the knowledge we have gained while defending our products from attack. Stay tuned to our blog for more stories like this in weeks to …

The IE8 XSS Filter Read More »

MS08-023: Same bug, four different security bulletin ratings

Security Research & Defense / By swiat / April 9, 2008 June 20, 2019

Security bulletin MS08-023 addressed two ActiveX control vulnerabilities, one in a Visual Studio ActiveX control and another in a Yahoo!’s Music Jukebox ActiveX control. The security update sets the killbit for both controls. For more about how the killbit works, see the excellent three-part series (1, 2, 3) from early February in this blog. One interesting …

MS08-023: Same bug, four different security bulletin ratings Read More »

The Kill-Bit FAQ: Part 3 of 3

Security Research & Defense / By swiat / February 8, 2008 June 20, 2019

It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the final part of our three-part Kill-Bit FAQ. The Kill-Bit FAQ – Part 3 of 3 Are there issues that could complicate the implementation of a Kill-Bit based fix? Yes. Here’s one interesting example: …

The Kill-Bit FAQ: Part 3 of 3 Read More »

The Kill-Bit FAQ: Part 2 of 3

Security Research & Defense / By swiat / February 7, 2008 June 20, 2019

It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the second part of our three-part Kill-Bit FAQ. The Kill-Bit FAQ – Part 2 of 3 How do ActiveX Controls, OLE Controls, and COM Objects relate? An ActiveX control is an OLE control that …

The Kill-Bit FAQ: Part 2 of 3 Read More »

The Kill-Bit FAQ: Part 1 of 3

Security Research & Defense / By swiat / February 6, 2008 June 20, 2019

It is very common for Microsoft security bulletins to include “Kill-Bits” to disable individual ActiveX controls / COM objects. Here is the first part of a three-part FAQ we have developed to answer some questions around the Kill-Bit and related functionality. The Kill-Bit FAQ – Part 1 of 3 What is the Kill-Bit? The Kill-Bit …

The Kill-Bit FAQ: Part 1 of 3 Read More »