0 Members and 1 Guest are viewing this topic.
Hi malware fighters,MS has to come up with an out of band patch, because setting a killbit for an insecure ActiveX control is not enough and can now be circumvented by hackers: http://blogs.iss.net/archive/Blackhat09.htmlThis hole really created some panic at Microsoft, because this means a gigantic problem:http://www.pcworld.com/businesscenter/article/169122/microsoft_rushes_to_fix_ie_killbit_bypass_attack.htmlBy just visiting a maicious website a hacker can do whatever they please even if a patch is being installed.Why go on with a concept that was a big mistake from day 1 - ActiveX is an insecure concept period....Here a glimpse of the presentation of this 0-day: http://www.hustlelabs.com/bh2009preview/polonus
@ FreewheelinFrank Pundits of Microsoft are many and many are armchair critics.