ActiveX

Adobe patches critical security bugs in Flash, Reader, Acrobat

Those of you running Adobe Flash, Reader, and/or Acrobat are advised to download the latest updates. Adobe yesterday rolled out new and critical security fixes for all three products.

The update for Flash patches a vulnerability that could cause the software to crash and allow someone to remotely take control of an infected computer.

This hole has already been exploited through limited attacks, Adobe said. Deployed through a malicious Word document, this exploit attacks the ActiveX version of Flash Player installed as a plug-in on Internet Explorer for Windows.

Windows and Macintosh users can update Flash through the Adobe Flash Player Download Center. …

Tell time colorfully with ActiveX Clock Gadget

Desktop gadgets are simple little tools that add simple little features to the desktop in Windows 7 and Vista. Simple, yes, but extremely useful. The most popular gadgets are clocks, calendars, weather displays, Web feeds--stuff you need often and want fast. Clocks make great gadgets because there are so many ways to improve on the box-standard Windows system tray clock. We took a peek at ActiveX Clock Gadget, a free digital clock display that automatically changes hues. It works on 32-bit editions of Windows Vista and 7 with up-to-date ActiveX controls, or you can download a version for Windows XP.…

IE9 RC debuts with 'do not track'

SAN FRANCISCO--The next generation of Internet Explorer is nearly ready for the public at large, as Microsoft announces the release candidate of Internet Explorer 9 at the Hang Art Gallery in San Francisco's Union Square this morning.

A massive list of improvements debuted in the new RC, available for 32-bit Windows 7; 64-bit Windows 7; 32-bit Windows Vista; and 64-bit Windows Vista. Among the most notable enhancements are the new ActiveX filter, expanded support for HTML5 and "future-tech" standards, and advertiser tracking protection, which also was introduced this week into a prerelease version of Firefox 4.

The …

Report: Internet Explorer 9 to add ActiveX filtering

The upcoming release candidate of Microsoft's Internet Explorer 9 browser is said to include a new feature that will let users selectively pick which parts of Web pages can load ActiveX elements.

According to blog WinRumors, which is citing its own sources, the security-focused feature will be included inside the first release candidate for IE9, which is expected to arrive later this month. The filter will come in the form of a toggle that sits alongside the recently announced tracking protection feature--the one that blocks third-parties from tracking user behavior from site to site. Together, the two features …

Single misplaced '&' caused latest IE exploit

A security hole in Internet Explorer that opened the browser to hackers since early July was caused by a single typo in Microsoft's code.

An errant ampersand ("&") took the blame for the exploit, admitted Microsoft in a blog published Tuesday at its Security Development Lifecycle (SDL) Web site.

Michael Howard, a security program manager at Microsoft, explained in his blog that the typo corrupted the code of an ActiveX control used by the browser. The control was created by Microsoft using an older library of code, which Howard admitted has flaws. Because of those flaws, the …

Microsoft offers patches to ward off ActiveX attacks

Microsoft released an emergency patch on Tuesday to protect Internet Explorer users from a hole in technology used to build ActiveX controls and other Web application components that has been targeted in attacks.

A critical patch for all versions of IE will protect consumers, while a security update for Visual Studio will help developers fix the controls and components they built that could be affected.

Microsoft also has had discussions with Adobe, Sun, and Google about some components involving their software that are affected, said Mike Reavey, director of the Microsoft Security Response Center. He declined to elaborate.

Internet Explorer …

Microsoft plugs critical DirectShow, Video ActiveX holes

Microsoft on Tuesday issued patches to fix critical vulnerabilities in DirectShow and Video ActiveX that have been targeted in attacks, as well as fixes for holes in Embedded OpenType Font Engine and Microsoft Publisher that could allow someone to remotely take control of the PC.

Overall, the six "Patch Tuesday" updates fix nine vulnerabilities in Windows, Microsoft Office, Internet Security and Acceleration Server, Virtual PC, and Virtual Server.

The three DirectShow vulnerabilities could allow an attacker to remotely run code on the machine if a user opened a specially crafted QuickTime file. Microsoft warned of exploits against one …

Microsoft warns of attacks on new ActiveX hole

Attackers are exploiting a new critical ActiveX hole in Microsoft Office to take control of PCs by luring Internet Explorer users to malicious Web sites, Microsoft said on Monday.

The zero-day hole, the third one announced by Microsoft in less than two months, is in Office Web Components ActiveX controls used to display and publish spreadsheets, charts, and databases to the Web.

It affects Office XP, Office 2003, Internet Security and Acceleration Server 2004 and 2006, as well as Office Small Business Accounting 2006.

The security advisory details a manual workaround, or people can use Microsoft's Fix-It tool to …

Microsoft warns of hole in Video ActiveX control

Microsoft on Monday warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site.

There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog.

This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced in May that involves the way DirectX handles QuickTime files.

Since there are no by-design uses for …

IE 8 beta gives other browsers a run for their money

Don't count Internet Explorer out just yet.

On Wednesday, Microsoft released the second public beta for Internet Explorer 8. If anything, this release brings IE up to par with alternative browsers such as Opera, Apple's Safari, and Mozilla's Firefox in terms of security and features. It also pushes Microsoft a little ahead of the competition.

The user interface hasn't changed much since Internet Explorer 8 Beta 1, except to add a Security pull-down menu between Page and Tools on the main toolbar. In addition to blocking phishing sites, IE 8 now highlights the main domain of …