Executive Summary
Summary | |
---|---|
Title | Update Rollup for ActiveX Kill Bits |
Informations | |||
---|---|---|---|
Name | KB2820197 | First vendor Publication | 2013-05-14 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft is releasing a new set of ActiveX kill bits with this advisory. This update sets the kill bits for the following third-party software: For more information about this issue, see the following references: This advisory discusses the following software. Does this advisory apply to Server Core installations? Does this update replace the Cumulative Security Update of ActiveX Kill Bits (2618451)? What kill bits does this Update Rollup of ActiveX Kill Bits contain? Why is Microsoft releasing this Update Rollup for ActiveX Kill Bits with a security advisory when previous kill bit updates were released with a security bulletin? What is a kill bit? For more information on kill bits, see Microsoft Knowledge Base Article 240797: How to stop an ActiveX control from running in Internet Explorer. Why does this update not contain any binary files? Should I install this update if I do not have the affected component installed or use the affected platform? Does this update contain any kill bits that are not Microsoft-specific? Does this update contain kill bits that were previously released in an Internet Explorer security update? Why does this advisory not have a security rating associated with it? Review the Microsoft Knowledge Base Article that is associated with this advisory Microsoft encourages customers to install this update. Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 2820197. Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update. You can disable attempts to instantiate COM objects in Internet Explorer by setting the kill bit for the control in the registry. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. To set the kill bit for CLSIDs with values of {0d080d7d-28d2-4f86-bfa1-d582e5ce4867} and {29e9b436-dfac-42f9-b209-bd37bafe9317} paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension. You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection. Note You must restart Internet Explorer for your changes to take effect. Impact of workaround. There is no impact as long as the object is not intended to be used in Internet Explorer. How to undo the workaround. Delete the registry keys previously added in implementing this workaround. This update includes kill bits to prevent the following ActiveX controls from being run in Internet Explorer: |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2820197.mspx |
Alert History
Date | Informations |
---|---|
2014-02-17 11:38:41 |
|
2013-05-15 05:18:02 |
|