Archive for December, 2007

Make “click to activate” go away … forever!

Wednesday, December 12th, 2007

One of the most annoying features of using Internet Explorer is about to disappear.  Microsoft has released a preview of the Internet Explorer Automatic Component Activation (IE ACA) which will put an end to that annoying "click to activate" message that you get when visiting a page with embedded controls.

Because Microsoft has now licensed the relevant technologies from Eolas Technologies, it is now possible for the “click to activate” requirement for embedded controls in Internet Explorer to be removed. This update applies to both IE6 and IE7.

The IE ACA can be downloaded from Microsoft, but before you install it, make sure that you read this warning:

Although no compatibility risks are expected with the removal of the "Click to activate" behavior, we encourage our partners to test and to report any application compatibility issues that are found to Microsoft Support. Applications are expected to function correctly after the removal of the "Click to activate "behavior.

The final release is expected to hit users in April 2008.

I've installed this on a few systems today and so far nothing's exploded.  If I do notice any odd behavior, I'll be sure to let you know.

ITsafe Warning 07-016

Wednesday, December 12th, 2007


ITsafe Warning 07-016

What is it?

A number of problems in Microsoft products.

What does it affect?

The more serious problems concerning software likely to be used by ITsafe users will affect Microsoft DirectX for all versions of Windows (from Microsoft Bulletin MS07-064), Windows Media File Format for all versions of Windows (from Microsoft Bulletin MS07-068), Microsoft Internet Explorer versions 6 and 7 (from Microsoft Bulletin MS07-069).

What does it do?

The more serious of these problems could enable an attacker to gain control of your computer.

How do I fix it?

Patch your software by downloading updates from Microsoft. Patches are available from the Microsoft Update Web site or by activating Automatic Updates. For more information about updating Microsoft software see advice on the Website of our partners at Get Safe Online:


Details of Specific Problem

The technical issues are described by the supplier and at the CVE website, and can be found from:

- TechNet December 2007 Security Bulletin Summary.


ITsafe Warnings are issued by e-mail when significant risks have been identified that are likely to affect the majority of ITsafe users.

ITsafe Team

Making IT safe for You

The UK Government Alerting and Advisory Service for Information and Communications Technologies (ICT) Security

Windows Vista SP1 release candidate is out

Wednesday, December 12th, 2007

For those of you desperate to get your hands on Windows Vista SP1 and don't want to wait for the final release, you can now get your mitts on the release candidate.

There are two ways to get your hands on the download:

The simple way - download the stand-alone installer

The more complicated way - download and run a script that allows SP1 RC to come to you via Windows Update

What goodies does SP1 bring with it?  Here's the scoop.

Two very important things to bear in mind:

  • This is not the release version and things could go wrong, so make sure you have a backup
  • You'll need to uninstall SP1 RC before installing the final release, so there's scope for things going wrong there too

Don't say I didn't warn you!

December’s Patch Tuesday

Tuesday, December 11th, 2007

Here are the patches coming down the tubes from Microsoft to us today:


  • MS07-064
    This update addresses two vulnerabilities in Microsoft DirectX that could allow code execution.
  • MS07-068
    This update addresses a vulnerability in Windows Media File Format that could allow remote code execution.
  • MS07-069
    This is a cumulative security update for Internet Explorer and the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.


  • MS07-063
    This update addresses a vulnerability in SMBv2 that could allow remote code execution
  • MS07-065
    This update addresses a vulnerability in Message Queuing that could allow remote code execution
  • MS07-066
    This update addresses a vulnerability in Windows Kernel that could allow elevation of privilege.
  • MS07-067
    This update addresses a vulnerability in Macrovision Driver that could allow local elevation of privilege

Microsoft Office 2007 SP1 download here

Tuesday, December 11th, 2007

Want that Office 2007 SP1 goodness now?  Here you go buddy!  Download it direct from Microsoft.

I have the 2007 Microsoft Office Suite Service Pack 1 (SP1) coming down right now ... I'll let you know how things go.

Office 2007 SP1