Microsoft Security Advisories 969898 & 971888

Microsoft released two security advisories for the following:

Microsoft Security Advisory (971888)
Update for DNS Devolution
Published: June 9, 2009
Version: 1.0

Microsoft is announcing the availability of an update to DNS devolution that can help customers keep their systems protected. Customers whose domain name has three or more labels (such as "contoso.co.us"), who do not have a DNS suffix list configured, or for whom the following mitigating factors do not apply may inadvertently be allowing client systems to treat systems outside the organizational boundary as though they were inside it.

Workarounds
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying risk, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.

  • Disable DNS Devolution
  • Configure a Domain Suffix Search List

http://www.microsoft.com/technet/security/advisory/971888.mspx
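
To make the boundary problem concrete, here is an added example (not part of the advisory and not Microsoft's code) that models devolution as it behaved before this update and shows the effect of both workarounds. It assumes the client strips leading labels from the primary DNS suffix until two labels remain, and that a configured suffix search list is used in place of devolution; the host name, suffixes and function names are constructed for illustration.

```python
# Added illustration, not Microsoft's code. Assumption: before the update, the
# client strips leading labels from the primary DNS suffix until two remain.

def candidate_fqdns(name, primary_suffix, devolution=True, search_list=None):
    """FQDNs tried, in order, for an unqualified single-label name."""
    if search_list:
        # Workaround "Configure a Domain Suffix Search List": assumed here to
        # be used in place of devolution, so only the listed suffixes are tried.
        return [f"{name}.{s.strip('.').lower()}" for s in search_list]
    labels = primary_suffix.strip(".").lower().split(".")
    tried = [f"{name}.{'.'.join(labels)}"]
    # Workaround "Disable DNS Devolution" corresponds to devolution=False.
    while devolution and len(labels) > 2:
        labels = labels[1:]                      # drop the leftmost label
        tried.append(f"{name}.{'.'.join(labels)}")
    return tried


def outside_boundary(fqdn, org_domain):
    """True when fqdn is neither org_domain nor a name beneath it."""
    org = org_domain.strip(".").lower()
    fqdn = fqdn.strip(".").lower()
    return not (fqdn == org or fqdn.endswith("." + org))


def audit(name, primary_suffix, org_domain, **options):
    """Pair every candidate FQDN with whether it leaves the organization."""
    return [(f, outside_boundary(f, org_domain))
            for f in candidate_fqdns(name, primary_suffix, **options)]


if __name__ == "__main__":
    # Constructed sample: an organization that owns contoso.co.us.
    for fqdn, leaks in audit("intranet", "corp.contoso.co.us", "contoso.co.us"):
        print(f"{fqdn:32} {'OUTSIDE organization' if leaks else 'internal'}")
```

The last candidate in the sample run, intranet.co.us, sits in a zone the organization does not control, which is the case the advisory describes for domain names with three or more labels.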

Microsoft Security Advisory (969898)
Update Rollup for ActiveX Kill Bits
Published: June 9, 2009
Version: 1.0

Microsoft is releasing a new set of ActiveX kill bits with this advisory.
Microsoft Visual Basic 6.0 Service Pack 6 Cumulative Update (KB957924)

The update also includes kill bits for the following third-party software:
  • Derivco. This security update sets a kill bit for an ActiveX control developed by Derivco. Derivco has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from Derivco. This kill bit is being set at the request of the owner of the ActiveX controls. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
  • eBay Advanced Image Upload Component. This security update sets a kill bit for an ActiveX control developed by eBay. eBay has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from eBay. This kill bit is being set at the request of the owner of the ActiveX controls. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
  • HP Virtual Room v7.0. This security update sets a kill bit for an ActiveX control developed by Research In Motion (RIM). RIM has released a security update that addresses a vulnerability in the affected component. For more information and download locations, see the security release from HP. This kill bit is being set at the request of the owner of the ActiveX controls. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.

Workarounds
Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:
  • Prevent COM objects from running in Internet Explorer

http://www.microsoft.com/technet/security/advisory/969898.mspx

More info: http://blogs.technet.com/msrc/archive/2009/06/09/june-2009-bulletin-release.aspx

Published Tue, Jun 9 2009 18:39 by donna