KB956391

Microsoft is releasing a new set of ActiveX kill bits with this advisory. The class identifiers (CLSIDs) for these ActiveX controls are as listed in the Frequently Asked Questions section of this advisory.

This update sets the kill bits for the following third-party software:

  • Microgaming Download Helper. Microgaming has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from Microgaming for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact Microgaming. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
  • System Requirements Lab. Husdawg has issued an advisory and an update that addresses a vulnerability. Please see the advisory from Husdawg for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact Husdawg. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
  • PhotoStockPlus Uploader Tool. PhotoStockPlus has issued an advisory on a vulnerable control. Please see the advisory from PhotoStockPlus for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact PhotoStockPlus. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.

This update sets the kill bits for ActiveX controls addressed in previous Microsoft Security Bulletins. These kill bits are being set in this update as a defense in depth measure:

  • Unsafe Functions in Office Web Components (328130), MS02-044.
  • Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103), MS08-017.
  • Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617), MS08-041.
  • Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), MS08-052.

One Reply to “KB956391”

  1. Please note that as of october 16 2008, this KB actually breaks the print operation when using Reporting Services.

Leave a Reply