lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1E9C827B8A7BD511B3A90000E229261002661F93@SVR00601>
Date: Thu, 17 Jul 2003 09:37:18 +0400
From: "Siddhartha Jain(IT)" <SiddharthaJ@...kmuscat.com>
To: "BUGTRAQ@...URITYFOCUS. COM" <BUGTRAQ@...urityfocus.com>
Subject: Windows Update - Unsafe ActiveX control


Hello,

I just tried to download the latest Microsoft security update by using the
Windows update utility in Internet Explorer. However, I could not do so
because I had disabled all ActiveX controls in the security settings (after
reading a terrifying paper on ActiveX security). 

After this I enabled "Download Signed ActiveX Controls" and "Run ActiveX
controls and plugins". I ran the Windows update utility again and got this
message:
"An ActiveX control on this page is not safe. Your current security settings
prohibit running unsafe controls on this page. As a result, this page may
not display as intended."
URL: http://v4.windowsupdate.microsoft.com/en/default.asp

After I clicked "Ok", I got the error message that this utility is to run by
"Administrators Only".

I am running Microsoft Windows 2000 Server SP4 and IE 6.0.2800.1106 SP1
Q818529.

So Microsoft expects me download critical patches using an unsafe ActiveX
control??

Regards,

Siddhartha Jain

"This email message is intended for the named recipient only. It may be
privileged and/or confidential. If you are not the intended named recipient
of this email then you should not copy it or use it for any purpose, nor
disclose its contents to any other person which is strictly prohibited and unlawful"



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ