If you use Visual Studio 2005 you might want to read this article about a serious security problem in the WMI Object Broker ActiveX control installed by VS.NET 2005. An exploit has been in the wild since August. The Microsoft advisory on this goes to some pains to list configurations which aren’t affected by the problem, but is somewhat less complete in stating which configurations are at risk. From reading the MS report it looks to me like if you have not installed IE 7 or are not running Server 2003 as your OS then you’re wide open, whereas if you have either IE 7 or Server 2003 then you may be OK if you haven’t changed any of the default settings.
Update (12 December 2006): Microsoft has just released a patch for this.
Post a Comment