Maybe it’s co-incidence, but the host of recent bad email activity, see here on my last post, say, has coincided with a Microsoft TechNet warning:
It’s a right riveting read, I can tell you.
The point is that it doesn’t look too bad to the casual computer user and Microsoft are pretty slack about it. The key bits are the “Office Web Components” and the GDI, as well as the link lower down the page. (You’ll notice there are no download links).
Follow the link and it will take you here: Microsoft Security Advisory: Cumulative security update for ActiveX which is the knowledge base article kb956391
This does list all the downloads. There’s one for all Microsoft Operating Systems by the look of it, and it came out on Aug 12, 2008.
It’s now October so why are we being told about it now?
I installed the update and it all went fine. However, I did not get a message saying that it’d already been installed, which means it didn’t come through as an automatic update months ago or that it’s default operation is to install regardless. It’s too late for me to tell now anyway.
All this came about because of a little security prompt from HM Government, no less!!! This is the authentic message on the GetSafeOnline.org website: https://www.getsafeonline.org/nqcontent.cfm?a_id=1474&alert_id=3701
So pip pip to them! Hooray!
And I do think the bad guys are rapidly moving the goalposts, the recent activity and other minor spurious web effects and emails I’ve received point to that. Just watch for the big one soon 😯