One of the most annoying features of using Internet Explorer is about to disappear.  Microsoft has released a preview of the Internet Explorer Automatic Component Activation (IE ACA) which will put an end to that annoying "click to activate" message that you get when visiting a page with embedded controls.

Because Microsoft has now licensed the relevant technologies from Eolas Technologies, it is now possible for the “click to activate” requirement for embedded controls in Internet Explorer to be removed. This update applies to both IE6 and IE7.

The IE ACA can be downloaded from Microsoft, but before you install it, make sure that you read this warning:

Although no compatibility risks are expected with the removal of the "Click to activate" behavior, we encourage our partners to test and to report any application compatibility issues that are found to Microsoft Support. Applications are expected to function correctly after the removal of the "Click to activate "behavior.

The final release is expected to hit users in April 2008.

I've installed this on a few systems today and so far nothing's exploded.  If I do notice any odd behavior, I'll be sure to let you know.

Title
=====

ITsafe Warning 07-016

What is it?
===========

A number of problems in Microsoft products.

What does it affect?
====================

The more serious problems concerning software likely to be used by ITsafe users will affect Microsoft DirectX for all versions of Windows (from Microsoft Bulletin MS07-064), Windows Media File Format for all versions of Windows (from Microsoft Bulletin MS07-068), Microsoft Internet Explorer versions 6 and 7 (from Microsoft Bulletin MS07-069).

What does it do?
================

The more serious of these problems could enable an attacker to gain control of your computer.

How do I fix it?
================

Patch your software by downloading updates from Microsoft. Patches are available from the Microsoft Update Web site or by activating Automatic Updates. For more information about updating Microsoft software see advice on the Website of our partners at Get Safe Online:

- http://www.getsafeonline.org/nqcontent.cfm?a_id=1148

Details of Specific Problem
===========================

The technical issues are described by the supplier and at the CVE website, and can be found from:

- TechNet December 2007 Security Bulletin Summary.

Notes
=====

ITsafe Warnings are issued by e-mail when significant risks have been identified that are likely to affect the majority of ITsafe users.

ITsafe Team

Making IT safe for You

http://www.itsafe.gov.uk

The UK Government Alerting and Advisory Service for Information and Communications Technologies (ICT) Security

For those of you desperate to get your hands on Windows Vista SP1 and don't want to wait for the final release, you can now get your mitts on the release candidate.

There are two ways to get your hands on the download:

The simple way - download the stand-alone installer

The more complicated way - download and run a script that allows SP1 RC to come to you via Windows Update

What goodies does SP1 bring with it?  Here's the scoop.

Two very important things to bear in mind:

• This is not the release version and things could go wrong, so make sure you have a backup
• You'll need to uninstall SP1 RC before installing the final release, so there's scope for things going wrong there too

Don't say I didn't warn you!

Here are the patches coming down the tubes from Microsoft to us today:

Critical:

• MS07-064
  This update addresses two vulnerabilities in Microsoft DirectX that could allow code execution.
• MS07-068
  This update addresses a vulnerability in Windows Media File Format that could allow remote code execution.
• MS07-069
  This is a cumulative security update for Internet Explorer and the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer.

Important:

• MS07-063
  This update addresses a vulnerability in SMBv2 that could allow remote code execution.
• MS07-065
  This update addresses a vulnerability in Message Queuing that could allow remote code execution.
• MS07-066
  This update addresses a vulnerability in Windows Kernel that could allow elevation of privilege.
• MS07-067
  This update addresses a vulnerability in Macrovision Driver that could allow local elevation of privilege.

Want that Office 2007 SP1 goodness now?  Here you go buddy!  Download it direct from Microsoft.

I have the 2007 Microsoft Office Suite Service Pack 1 (SP1) coming down right now ... I'll let you know how things go.