MS Patch Tuesday Solves ActiveX DirectShow Flaw

Microsoft has made available a patch that promises fixes for nine vulnerabilities, three marked "critical" and another three deemed "important." Most Windows users will be glad to hear that a solution for the much-feared ActiveX DirectShow flaw has also been made available.

Last week Microsoft made big news in a bad way for its ActiveX security flaw, which threatened to sicken user computers via infected web pages and "drive by" or "browse and get owned" attack codes within legitimate web pages. Much criticism lodged against Microsoft for the company's alleged knowledge of the problem since early 2008.

Patch Fixes ActiveX, Publisher Issues

Thankfully, Microsoft's recent Patch Tuesday offering appears to solve the issue.

"Today's release is important because patches were released for two recent zero-day attacks -- a QuickTime file parsing vulnerability and the recently announced DirectShow vulnerability," said Shavlik CTO Eric Schultze. (Source: informationweek.com)

The other critical issue addressed by the patch helps stiffen user defenses against a hole in the Embedded OpenType Font Engine, used in every edition of Windows.

Better Late Than Never

Most of the vulnerabilities marked "important" address issues within less mainstream systems. One solves a vulnerability in Microsoft's proxy server ISA 2006. Another addresses a weakness in Microsoft Publisher, a component in its Office 2007 software. Finally, the last fix resolves an elevation flaw in Virtual Server and Virtual PC. (Source: cnet.com)

The patch itself will be bittersweet news for many. Some security experts estimate that millions of sites were exploited by the ActiveX security hole that passed under Microsoft's nose for over a year.