Microsoft released a security advisory 912945 out of cycle and with little publicity yesterday, the title of which is "Non-security Update for Internet Explorer". The update appears to change the default behavior of IE in handling ActiveX components. Given the security issues of ActiveX that have been discussed many times in the past, I'd say that probably does qualify as a security update and I applaud Microsoft for changing the default accept (if that is indeed what the update does, a big if). I'm just curious as to why this is being done now given their reluctance to issue patches out of cycle in the recent past. It has been reported (here among other places) that this is the result of losing a patent infringement case last fall, but I haven't seen that officially acknowledged by Microsoft.
Jim Clausing, jclausing --at-- isc.sans.org
I will be teaching next: Malware Reverse-Engineering Challenge - SANS Northern VA Fall- Reston 2019
Mar 1st 2006
1 decade ago