The Microsoft Response Center posted a note about a new DoS proof of concept against the ADODB.connection ActiveX control. Right now, that just makes it annoying, but it could also allow execution of remote code. US-CERT has the best summary of information about it at the moment. You can either disable ActiveX entirely or set the kill bit for this control as a workaround for now. See the advisory below for details.
US-CERT Vulnerability Note - ADODB.Connection ActiveX control unspecified vulnerability
In other news, I just found out about the new Microsoft Security Intelligence Report put out by their Anti-Malware group. While some may snicker at the term "Microsoft Security Intelligence", the report actually points to some interesting trends. It does sort of read like a catalog of Windows security products as well though, but if that's what you're managing then it may be good information to know.
You can find the report at the ridiculously long link below.
Posted by Addam Schroll on October 30, 2006, in Handlers Log.