Patch Tuesday tackles ActiveX exploit

 

Gallery

By Stuart Turton

Posted on 15 Jul 2009 at 10:41

Microsoft has delivered six security updates in its latest Patch Tuesday update, including a fix for the ActiveX exploit being used to attack Internet Explorer.

The six updates patch a total of nine vulnerabilities, six of which have been ranked as critical - the highest ranking in Microsoft's four-step score. A further three are labelled as important, the second-highest ranking.

The most significant of the updates applies a large number of "kill bits" to the ActiveX and DirectShow, disabling the controls being exploited by hackers to attack Internet Explorer 6 and 7. The fix is intended to temporarily address the problem, while the company beavers away on a patch.

Microsoft has confirmed that thousands of legitimate websites have been hacked to exploit the flaw in DirectShow, which Internet Explorer uses to process media.

The third critical update, identified as MS09-029, addresses two vulnerabilities in the Embedded OpenType (EOT) Engine which leave all versions of Windows open to attack.

The important fixes address holes in Microsoft Office, Publisher Internet Security and Acceleration Server, Virtual PC and Virtual Server.