Internet Explorer and ActiveX security mitigations

Microsoft released an update to mitigate a vulnerability in the “Microsoft Video” ActiveX control. The vulnerability was extremely serious for IE6 users because that browser version provides no protection against this exploit unless the killbit is applied. In contrast, IE7 users had some protection against exploitation of this vulnerability thanks to the ActiveX Opt-in feature, which disables most ActiveX controls (including this one) by default. IE7 users on Vista also benefit from Protected Mode, which helps prevent the installation of malicious software, even in the event that an exploit results in code execution. Beyond Protected Mode and ActiveX Opt-in, IE8 users benefitted from additional protections that help to mitigate vulnerabilities like this one. IE8 includes the per-site ActiveX feature, which extends ActiveX Opt-in by preventing controls that are permitted to run on one site from running automatically on other sites.
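Because IE6 depends entirely on the killbit, it is worth verifying that it is actually set on each machine. The following is an added example, not code from the original post: it audits the decoded text of a regedit export for the kill bit (bit 0x400 of `Compatibility Flags`) in both the native and the 32-bit-on-64-bit registry view. The CLSIDs are constructed placeholders, not the control's real identifiers, and the function names are hypothetical.

```python
import re

# The kill bit is bit 0x400 of the "Compatibility Flags" DWORD stored under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
KILLBIT = 0x00000400
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\"
    r"Internet Explorer\\ActiveX Compatibility\\(\{[0-9A-F-]{36}\})\]$", re.I)
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-F]{8})$', re.I)

# Constructed sample export; the CLSIDs are placeholders, not real controls.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000B2}]
"Compatibility Flags"=dword:00800400
"""

def parse_killbits(reg_text):
    """Map (registry view, CLSID) -> True if the kill bit is set."""
    state, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = (("32-bit" if m.group(1) else "native"),
                       m.group(2).upper()) if m else None
            if current:
                state.setdefault(current, False)  # key present, flag not seen yet
        elif current:
            m = FLAGS_RE.match(line)
            if m:
                state[current] = bool(int(m.group(1), 16) & KILLBIT)
    return state

def missing_killbits(reg_text, clsids, views=("native", "32-bit")):
    """List (view, CLSID) pairs where the kill bit is absent or cleared."""
    state = parse_killbits(reg_text)
    return sorted((v, c.upper()) for c in clsids for v in views
                  if not state.get((v, c.upper()), False))

if __name__ == "__main__":
    wanted = ["{00000000-0000-0000-0000-0000000000A1}",
              "{00000000-0000-0000-0000-0000000000B2}"]
    for view, clsid in missing_killbits(SAMPLE_EXPORT, wanted):
        print(f"kill bit NOT set in {view} view for {clsid}")
```

Regedit writes `.reg` files as UTF-16, so decode the file before passing its text in; on 32-bit Windows pass `views=("native",)` because the Wow6432Node view does not exist there.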