Microsoft: Ask us and we'll kill your ActiveX control
InfoWorld | at | by Mike
Microsoft said on Tuesday it would lock down other vendors' software using Windows Update-delivered fixes if those companies ask Microsoft to help stymie attacks. The company explained its efforts after being asked about a security update that disabled a vulnerable ActiveX control used by Yahoo Inc.'s music player program.
"If an independent software vendor discovers that they have shipped a vulnerable [ActiveX] control, they should e-mail secure@microsoft.com to work with Microsoft to issue a kill bit, disabling that control," Tim Rains, a spokesman for the Microsoft Security Response Center, said.