LINKS
INSTRUCTION
STRINGS
ACCESSORIES
MUSIC
 The Steel Guitar Forum Store 
Our Online Store
b0b's Steel Links

The Steel Guitar Forum

Help Search Join Private Messages Log in


Post new topic Microsoft Security Advisory 925444
Reply to topic
Forum Index > Computers Next oldest topic :: Next newest topic
Author Topic:  Microsoft Security Advisory 925444
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 28 Sep 2006 6:25 pm    
Reply with quote
Microsoft Security Advisory 925444

Vulnerability in the Microsoft DirectAnimation Path ActiveX Control Could Allow Remote Code Execution

Published: September 14, 2006 | Updated: September 27, 2006

Microsoft is investigating new public reports of vulnerability in Microsoft Internet Explorer on Windows 2000 Service Pack 4, on Windows XP Service Pack 1, and on Windows XP Service Pack 2.

We are also aware of proof of concept code published publicly and we are aware of limited attacks that are attempting to use the reported vulnerability. Customers would need to visit an attacker’s Web site to be at risk.

The ActiveX control is the Microsoft DirectAnimation Path ActiveX control, which is included in Daxctle.ocx.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. A security update will be released through our monthly release process or an out-of-cycle security update will be provided, depending on customer needs.

Customers are encouraged to keep their anti-virus software up to date.

Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources. For more information about Safe Browsing, visit the Trustworthy Computing Web site.

Full up-to-date details can be found in Microsoft Security Advisory 925444, including the details about implementing the suggested official workarounds (until a patch is tested and released).

Workarounds (Overview)

Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

Prevent the Microsoft DirectAnimation Path ActiveX control from running in Internet Explorer

Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.

Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.

Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.

Modify the Access Control List on Daxctle.ocx to be more restrictive



------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage. Get Firefox Here.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices. My FAQs.


View user's profile Send private message Send e-mail Visit poster's website
Forum Index > Computers Next oldest topic :: Next newest topic
  Reply to topic

All times are GMT - 8 Hours
Jump to:  

Our Online Catalog
Strings, CDs, instruction,
steel guitars & accessories
www.SteelGuitarShopper.com
Please review our Forum Rules and Policies

Steel Guitar Forum LLC
PO Box 237
Mount Horeb, WI 53572 USA


Click Here to Send a Donation

Email admin@steelguitarforum.com for technical support.

Powered by phpBB © 2001, 2005 phpBB Group
BIAB Styles
Ray Price Shuffles for
Band-in-a-Box
by Jim Baron
HTTP