So, when is a security advisory not a security advisory?
Microsoft released a security advisory 912945 out of cycle and with little publicity yesterday, the title of which is "Non-security Update for Internet Explorer". The update appears to change the default behavior of IE in handling ActiveX components. Given the security issues of ActiveX that have been discussed many times in the past, I'd say that probably does qualify as a security update and I applaud Microsoft for changing the default accept (if that is indeed what the update does, a big if). I'm just curious as to why this is being done now given their reluctance to issue patches out of cycle in the recent past. It has been reported (here among other places) that this is the result of losing a patent infringement case last fall, but I haven't seen that officially acknowledged by Microsoft.
-------------------
Jim Clausing, jclausing --at-- isc.sans.org