“Since Feb. 16–the day before Microsoft officially launched
Windows 2000–Microsoft has issued five separate official security
bulletins, with independent analysts delivering several more.
To top the week off, antivirus vendors announced the discovery of
the first confirmed Windows-based distributed denial-of-service
(DDoS) tool.”
“Perhaps the most dangerous of these issues, first announced by
veteran bug-spotter Juan Cuartago, may present a threat to Internet
Explorer (IE) and Outlook users. The problem lies in an ActiveX
control called MS Active Setup, which can automatically install
Microsoft-authenticated code onto a Windows-based machine. The
install process can be triggered without any warning simply by
visiting a Web page or viewing an e-mail containing the code.”
“But according to the Microsoft Security Response Team, this
automatic installation is a feature, rather than a bug. In an
e-mail to the BugTraq mailing list, the Microsoft team states the
feature was included ‘in order to improve our customers’ experience
while downloading software from Microsoft Web sites.’ “