You should not enable "unsafe activex", in order to get Windows Update to work, however. http://*.windowsupdate.com , http://download.microsoft.com, http://windowsupdate.microsoft.com , https://download.microsoft.com, and http://*.windowsupdate.com should all be enabled in trusted sites zone. This is by default on Windows 2003. Some references which are a good rule of thumb: http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szo ne/overview/esc_changes.asp Windows 2003 does have a good system in this way for the paranoid. It disables activex and activescripting, but it allows for Windows Update to properly work. Its' settings are documented in the above url. > -----Original Message----- > From: Jackson, Chris [mailto:CJackson@bridgecom.com] > Sent: Thursday, July 17, 2003 10:35 AM > To: 'Siddhartha Jain(IT)'; BUGTRAQ@SECURITYFOCUS. COM > Subject: RE: Windows Update - Unsafe ActiveX control > > > > "An ActiveX control on this page is not safe. Your current security > settings > > prohibit running unsafe controls on this page. As a result, > this page > > may not display as intended." So Microsoft expects me download > > critical patches using an unsafe ActiveX control?? > > Safe for Scripting indicates that a control does not access > files, memory, or registers directly. The only purpose of the > Windows Update control is to access (and update) files > directly, so it should not be marked as safe for scripting. > > -- > Chris Jackson > Software Engineer > Microsoft MVP > -- > >
