ITsVISTA
Information that makes life easier when it comes to installing, managing, and using Windows Vista.
Start About FAQ Blogroll Shop

ITsVISTA KB-Link: KB956391

Cumulative Security Update of ActiveX Kill Bits

Microsoft is releasing a new set of ActiveX kill bits with this advisory. The class identifiers (CLSIDs) for these ActiveX controls are as listed in the Frequently Asked Questions section of this advisory.

This update sets the kill bits for the following third-party software:

  • Microgaming Download Helper. Microgaming has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from Microgaming for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact Microgaming. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
  • System Requirements Lab. Husdawg has issued an advisory and an update that addresses a vulnerability. Please see the advisory from Husdawg for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact Husdawg. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
  • PhotoStockPlus Uploader Tool. PhotoStockPlus has issued an advisory on a vulnerable control. Please see the advisory from PhotoStockPlus for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact PhotoStockPlus. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.

This update sets the kill bits for ActiveX controls addressed in previous Microsoft Security Bulletins. These kill bits are being set in this update as a defense in depth measure:

  • Unsafe Functions in Office Web Components (328130), MS02-044.
  • Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103), MS08-017.
  • Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617), MS08-041.
  • Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), MS08-052.
There is a download that resolves this issue.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB956391.

Get notified of new posts for FREE via RSS or E-mail

Subscribe to ITsVISTA!

Related Posts

Comments

  • Etienne St-Georges

    Oct 16, 2008 at 10:03 am

    Please note that as of october 16 2008, this KB actually breaks the print operation when using Reporting Services.

Leave a Comment