Today on Blogcritics
Home » Culture and Society » Science and Technology » Microsoft ActiveX Control Wins the Bug of the Month

Microsoft ActiveX Control Wins the Bug of the Month

Please Share...Tweet about this on Twitter0Share on Facebook0Share on Google+0Share on LinkedIn0Pin on Pinterest0Share on TumblrShare on StumbleUpon0Share on Reddit0Email this to someone

Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past 30 days. Sometimes, the bug will be the one which could potentially cause the most damage; sometimes it will be the bug which affects the most users. And sometimes, it will be the bug that is just the most interesting.

This month the Bug of the Month goes to Microsoft, for this ActiveX bug that appeared in the BugBlog on October 10.

Another bug in an ActiveX control puts users of Windows 2000, Windows XP, and Windows Server 2003 in jeopardy. The bug is in the WebViewFolderIcon ActiveX control, and if you visit a malicious website (using Microsoft Internet Explorer) that tries to exploit this bug, the bad guys may take complete control of your system. This is rated a Critical bug for Windows 2000 and Windows XP by Microsoft, and a moderate bug for Windows Server 2003. Get your patch (although there may be some problems with patch availability on 10/10).

Why this bug? Actually, it serves as a representative for two different events at Microsoft. The first is the deluge of security bulletins issued by Microsoft in October. There were ten bulletins that, together, fixed twenty-five different bugs. A patch Tuesday, this big deserves recognition.

The second thing it represents is ActiveX itself. Microsoft chose to emphasize ActiveX, instead of Java, in the '90s, and it wasn't a good decision. Over the years, there have been many security problems with ActiveX controls, and they are still occurring. An ActiveX control from AOL was the Bug of the Day on October 12, and the BugBlog Plus of November 1 reports on an exploit in the Microsoft WMI Object Broker ActiveX control.

So for these reasons, Microsoft wins another Bug of the Month.

Powered by

About Bruce Kratofil