Executive Summary
Summary | |
---|---|
Title | Update Rollup for ActiveX Kill Bits |
Informations | |||
---|---|---|---|
Name | KB956391 | First vendor Publication | 2008-10-14 |
Vendor | Microsoft | Last vendor Modification | 2009-06-17 |
Severity (Vendor) | N/A | Revision | 1.3 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft is releasing a new set of ActiveX kill bits with this advisory. The class identifiers (CLSIDs) for these ActiveX controls are as listed in the Frequently Asked Questions section of this advisory. This update sets the kill bits for the following third-party software:
This update sets the kill bits for ActiveX controls addressed in previous Microsoft Security Bulletins. These kill bits are being set in this update as a defense in depth measure:
For more information about installing this update, see Microsoft Knowledge Base Article 956391. General InformationOverviewPurpose of Advisory: Notification of the availability of an update of ActiveX kill bits. Advisory Status: Microsoft Knowledge Base Article and associated update were released. Recommendation: Review the referenced Knowledge Base Article and apply the appropriate update.
This advisory discusses the following software.
Frequently Asked QuestionsDo users with a Windows Server 2008 Server Core installation need to install this update? When applying this update, the RSClientPrint ActiveX Control stops working. How do I address this issue? Does this update replace the Cumulative Security Update of ActiveX Kill Bits (950760)? Why is Microsoft releasing this Update Rollup for ActiveX Kill Bits with a security advisory when previous kill bit updates were released with a security bulletin? Why does this advisory not have a security rating associated with it? Does this update contain kill bits that were previously released in an Update Rollup for ActiveX Kill Bits? Does this update contain kill bits that were previously shipped in an Internet Explorer security update? What is a kill bit? For more information, see Microsoft Knowledge Base Article 240797: How to stop an ActiveX control from running in Internet Explorer. What is a security update of ActiveX kill bits? Why does this update not contain any binary files? Should I install this update if I do not have the affected component installed or use the affected platform? Do I need to reapply this update if I install an ActiveX control discussed in this security update at a later date? What does this update do? The following Class Identifier relates to a request by Microgaming to set the kill bit for an ActiveX control that is vulnerable. Further details can be found in the advisory issued by Microgaming:
The following Class Identifier relates to a request by Husdawg to set the kill bit for an ActiveX control that is vulnerable. Further details can be found in the advisory issued by Husdawg:
The following Class Identifier relates to a request by PhotoStockPlus to set the kill bit for an ActiveX control that is vulnerable. Further details can be found in the advisory issued by PhotoStockPlus:
The following Class Identifiers relate to Microsoft Security Bulletins MS02-044, MS08-017, MS08-041, and MS08-052 that have previously been addressed. These kill bits are being set as a Defense in Depth.
Suggested ActionsReview the Microsoft Knowledge Base Article that is associated with this advisory Microsoft encourages customers to install this update. Customers who are interested in learning more about this update should review Microsoft Knowledge Base Article 956391. WorkaroundsWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:
|
Original Source
Url : http://www.microsoft.com/technet/security/advisory/956391.mspx |
Alert History
Date | Informations |
---|---|
2014-02-17 11:38:46 |
|
2014-01-19 21:29:42 |
|
2013-02-06 19:08:08 |
|