Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

So, when is a security advisory, not a security advisory?

Published: 2006-03-01
Last Updated: 2006-03-01 20:09:43 UTC
by Jim Clausing (Version: 1)
0 comment(s)
Microsoft released a security advisory 912945 out of cycle and with little publicity yesterday, the title of which is "Non-security Update for Internet Explorer".  The update appears to change the default behavior of IE in handling ActiveX components.  Given the security issues of ActiveX that have been discussed many times in the past, I'd say that probably does qualify as a security update and I applaud Microsoft for changing the default accept (if that is indeed what the update does, a big if).  I'm just curious as to why this is being done now given their reluctance to issue patches out of cycle in the recent past.  It has been reported (here among other places) that this is the result of losing a patent infringement case last fall, but I haven't seen that officially acknowledged by Microsoft.

-------------------
Jim Clausing,  jclausing --at-- isc.sans.org
Keywords:
0 comment(s)
Diary Archives