According to Microsoft, you can’t trust Microsoft to supply secure software!
Not was enough that recent vulnerability in IE that can run any program in an unpatched windows system. Now there is another related to an ActiveX control that can make IE and IIS to run any code in the system. The Microsoft solution? kill the related ActiveX control and replace it with a safe one. The Microsoft problem? As this control is Microsoft signed, any site can require it, upload it and replace the “good” one with the vulnerable one. The final recomendation from Microsoft? Don’t trust/run ActiveX controls signed by Microsoft.
The truth really is stranger than fiction!!!