Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: So, when is a security advisory, not a security advisory? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
So, when is a security advisory, not a security advisory?
Microsoft released a security advisory 912945 out of cycle and with little publicity yesterday, the title of which is "Non-security Update for Internet Explorer".  The update appears to change the default behavior of IE in handling ActiveX components.  Given the security issues of ActiveX that have been discussed many times in the past, I'd say that probably does qualify as a security update and I applaud Microsoft for changing the default accept (if that is indeed what the update does, a big if).  I'm just curious as to why this is being done now given their reluctance to issue patches out of cycle in the recent past.  It has been reported (here among other places) that this is the result of losing a patent infringement case last fall, but I haven't seen that officially acknowledged by Microsoft.

-------------------
Jim Clausing,  jclausing --at-- isc.sans.org
I will be teaching next: Malware Reverse-Engineering Challenge - SANS Northern VA Fall- Reston 2019

Jim

407 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!