Executive Summary
Summary | |
---|---|
Title | Update Rollup for ActiveX Kill Bits |
Informations | |||
---|---|---|---|
Name | KB2562937 | First vendor Publication | 2011-08-09 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft is releasing a new set of ActiveX kill bits with this advisory. This update sets the kill bits for the following third-party software: For more information about this issue, see the following references: This advisory discusses the following software. **Server Core installation not affected. This update does not apply to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options. What kill bits does this Cumulative Security Update of ActiveX Kill Bits contain? What is a kill bit? For more information on kill bits, see Microsoft Knowledge Base Article 240797: How to stop an ActiveX control from running in Internet Explorer. What is a security update of ActiveX kill bits? Why does this update not contain any binary files? Should I install this update if I do not have the affected component installed or use the affected platform? Do I need to reapply this update if I install an ActiveX control discussed in this security update at a later date? Does this update contain any kill bits that are not Microsoft-specific? Does this update contain kill bits that were previously released in an Internet Explorer security update? Why is Microsoft releasing this Update Rollup for ActiveX Kill Bits with a security advisory when previous kill bit updates were released with a security bulletin? Why does this advisory not have a security rating associated with it? Microsoft encourages customers to install this update. Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 2562937. Workaround refers to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available. You can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry. Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow the steps in this article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer. To set the kill bit for a CLSIDs with a value of {B4CB50E4-0309-4906-86EA-10B6641C8392}, {E4F874A0-56ED-11D0-9C43-00A0C90F29FC}, and {FB7FE605-A832-11D1-88A8-0000E8D220A6}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension. Windows Registry Editor Version 5.00 You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, see the TechNet article, Group Policy collection. Note You must restart Internet Explorer for your changes to take effect. Impact of Workaround. There is no impact as long as the object is not intended to be used in Internet Explorer. How to undo the workaround. Delete the registry keys previously added in implementing this workaround. This update includes kill bits to prevent the following ActiveX controls from being run in Internet Explorer: |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2562937.mspx |
Alert History
Date | Informations |
---|---|
2016-12-06 13:26:15 |
|
2014-02-17 11:38:39 |
|