> Specifically, it related to Microsoft Secure Channel, known as Schannel, Microsoft's software for implementing secure transfer of data.
I'm confused... The article says this research relates to the SChannel vulnerability being patched this month and cites IBM Researchers[1] finding it, but the link to the blog post showing the work is towards OLE and not SChannel. Also, Microsoft has mentioned that they found[2] the SChannel vulnerability through an internal audit. To me, it seems the research is talking about CVE-2014-6332[3], which shows the patch as MS14-064. MS14-066 is the patch for the SChannel vulnerability.
Either BBC is confused on which patch they're trying to report on, or I am.
I think the BBC reporter likely got confused. However it seems http://securityintelligence.com/ibm-x-force-researcher-finds...is a blog post about a 19 year old remotely exploitable bug being fixed recently, so it seems like if anything the link should go there.
Depends on the IE Zone settings. I believe that if you set the a zone to 'Low', a web page can execute a VBSCript code, with or without ActiveX being enabled.
I'm confused... The article says this research relates to the SChannel vulnerability being patched this month and cites IBM Researchers[1] finding it, but the link to the blog post showing the work is towards OLE and not SChannel. Also, Microsoft has mentioned that they found[2] the SChannel vulnerability through an internal audit. To me, it seems the research is talking about CVE-2014-6332[3], which shows the patch as MS14-064. MS14-066 is the patch for the SChannel vulnerability.
Either BBC is confused on which patch they're trying to report on, or I am.
Anyone similarly confused as I am?
[1] http://securityintelligence.com/ibm-x-force-researcher-finds...
[2] http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-...
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-633...