Microsoft patches BubbleBoy vulnerability

Microsoft Corporation has posted a patch for the "Active Setup Control" vulnerability, a security glitch which enabled the now-infamous BubbleBoy worm that's made so much news this week. The patch prevents the ability of an ActiveX control built into Internet Explorer 4.x and 5.x to open unsigned cabinet files that were downloaded to a local machine, generally using an email program such as Outlook Express or Outlook.

There are a variety of ways to obtain the patch. If you're using an operating system, such as Windows 98, that has access to the Windows Update Web site, head on over to download the patch. Users of other Windows operating systems can obtain the patch from the Microsoft Download Center. Here, you'll need to specify Internet Explorer 5.0 as the product, and show by date. The Active Setup Control patch should be at or near the top. A third, less convoluted approach, however, is to grab the fix from the Internet Explorer Security Area Web site

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.