MS03-040 and blocking ActiveX

Discussion in 'other security issues & news' started by meneer, Oct 17, 2003.

Thread Status:
Not open for further replies.
  1. meneer

    meneer Registered Member

    Patch MS03-040 presumably closes a big ActiveX hole.
    So far we are blocking ActiveX for internet sites. In his latest Brian's Buzz column, Brian Livingston states that due to this patch, it no longer is necessary to disable ActiveX.
    Is this sound advice?
     
  2. sig

    sig Registered Member

    I think that advice only applies for people who had blocked ActiveX specifically to avoid that particular exploit for which the patch has now been released.

    Nevertheless, this MS patch doesn't address or protect (as far as I'm aware) against drive-by downloads of spyware and other potentially unwanted or unfriendly stuff, which can be an issue as long as ActiveX is enabled on all sites, trusted and unknown.

    Apps such as SpywareBlaster help to guard against some of these but in general I wouldn't say, OK now you can enable ActiveX because MS released a patch. The patch does nothing for the other reasons one is advised not to let ActiveX run on the internet without restriction.
     
  3. meneer

    meneer Registered Member

    Okay, thanks. I suppose I'd better keep my current policy.
     