August 06, 2009

ActiveX fix, eight other Microsoft patches to land Tuesday

Microsoft expects to distribute nine patches on Tuesday as part of its monthly security update, one of which should resolve a recently announced flaw that was being actively exploited.

Eight of the fixes address vulnerabilities in Windows, five of which have been assigned a "critical" rating by the software giant. Three others are deemed "important."

The ninth bulletin, graded critical, addresses a zero-day ActiveX bug affecting Office, Visual Studio, ISA Server and BizTalk Server. The vulnerability, which has been leveraged to conduct in-the-wild attacks, resides in the Spreadsheet ActiveX control in Office Web Components, according to an advisory from July.

As users await the fix, Microsoft has been recommending they set a kill bit to prevent Office Web Components from running in Internet Explorer.

The patches are expected to be dropped about 1 p.m. EST on Tuesday.







Related Articles
Related Topics
close

Next Article in News

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.