B
Bernardo Iglesias
As stated in Microsoft Security Bulletin MS03-038...
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/MS03-038.asp
....snapshot ocx had some security issues, so Microsoft
updated it. Pretty nice, but after installing, getting the
ocx (v 10.0.5529.0) and putting it in my web sites, I
noticed that people was having problems with it,
because... the ocx is not signed!! IE refuses to even ask
for downloading it with default security!!
Maybe MS forgot to sign it?
I can't see any post related to this, so maybe I'm wrong
whith something I can't guess.
By now, I'll keep ocx v 9.0.0.2602, which is correctly
signed. But MS wrote in some related information that they
will set a 'kill bit' in next security update of IE to
prevent people downloading a 'unsecure' activex, so in the
near future I'll have no way to do a nice-public report on
the web.
Any idea?
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/MS03-038.asp
....snapshot ocx had some security issues, so Microsoft
updated it. Pretty nice, but after installing, getting the
ocx (v 10.0.5529.0) and putting it in my web sites, I
noticed that people was having problems with it,
because... the ocx is not signed!! IE refuses to even ask
for downloading it with default security!!
Maybe MS forgot to sign it?
I can't see any post related to this, so maybe I'm wrong
whith something I can't guess.
By now, I'll keep ocx v 9.0.0.2602, which is correctly
signed. But MS wrote in some related information that they
will set a 'kill bit' in next security update of IE to
prevent people downloading a 'unsecure' activex, so in the
near future I'll have no way to do a nice-public report on
the web.
Any idea?