Launch Printer Friendly Page Security TechCenter > > Microsoft Security Advisory (956391)

Microsoft Security Advisory (956391)

Update Rollup for ActiveX Kill Bits

Published: | Updated:

Version: 1.3

Microsoft is releasing a new set of ActiveX kill bits with this advisory. The class identifiers (CLSIDs) for these ActiveX controls are as listed in the Frequently Asked Questions section of this advisory.

This update sets the kill bits for the following third-party software:

  • Microgaming Download Helper. Microgaming has issued an advisory and an update that addresses vulnerabilities. Please see the advisory from Microgaming for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact Microgaming. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
  • System Requirements Lab. Husdawg has issued an advisory and an update that addresses a vulnerability. Please see the advisory from Husdawg for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact Husdawg. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.
  • PhotoStockPlus Uploader Tool. PhotoStockPlus has issued an advisory on a vulnerable control. Please see the advisory from PhotoStockPlus for more information. This kill bit is being set at the request of the owner of the ActiveX control. Customers who require support should contact PhotoStockPlus. The class identifiers (CLSIDs) for this ActiveX control are as listed in the Frequently Asked Questions section of this advisory.

This update sets the kill bits for ActiveX controls addressed in previous Microsoft Security Bulletins. These kill bits are being set in this update as a defense in depth measure:

  • Unsafe Functions in Office Web Components (328130), MS02-044.
  • Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103), MS08-017.
  • Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617), MS08-041.
  • Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593), MS08-052.

For more information about installing this update, see Microsoft Knowledge Base Article 956391.

General Information

Overview

Frequently Asked Questions

Suggested Actions

Other Information

Resources:

Disclaimer:

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions:

  • V1.0 (October 14, 2008): Advisory published
  • V1.1 (October 29, 2008): Added Frequently Asked Questions entry to communicate the availability of an update for a control for which the kill bit was set.
  • V1.2 (November 12, 2008): Removed an incorrect reference that Windows Server 2008 Server Core installation is affected. Added an entry to Frequently Asked Questions to communicate that users with Windows Server 2008 Server Core installation will still be offered but do not need to install this update.
  • V1.3 (June 17, 2009): Added an entry to Frequently Asked Questions to communicate that for the purpose of automatic updating, this update does not replace the Cumulative Security Update of ActiveX Kill Bits (950760) that is described in Microsoft Security Bulletin MS08-032.