Microsoft is releasing a new set of ActiveX kill bits with this advisory. The class identifiers (CLSIDs) for these ActiveX controls are as listed in the Frequently Asked Questions section of this advisory.

This update sets the kill bits for the following third-party software:

• Microgaming Download Helper. Microgaming has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from Microgaming for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact Microgaming. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
• System Requirements Lab. Husdawg has issued an advisory and an update that addresses a vulnerability. Please see the advisory from Husdawg for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact Husdawg. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
• PhotoStockPlus Uploader Tool. PhotoStockPlus has issued an advisory on a vulnerable control. Please see the advisory from PhotoStockPlus for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact PhotoStockPlus. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.

This update sets the kill bits for ActiveX controls addressed in previous Microsoft Security Bulletins. These kill bits are being set in this update as a defense in depth measure:

• Unsafe Functions in Office Web Components (328130), MS02-044.
• Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103), MS08-017.
• Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617), MS08-041.
• Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), MS08-052.

Description: This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb. The security update addresses the vulnerability by setting a kill bit so the vulnerable controls do not run in Internet Explorer. Keep reading →

Vista hasn’t escaped the need for security updates in the month of June. All together, five updates affect Windows Vista; three critical, and two moderate. All updates affect both 32 and 64-bit systems, and it doesn’t matter if you have SP1 installed or not. Keep reading →