Kill Bits for Aurigma, HP Support in Microsoft Patches

For all the talk about the mammoth Patch Tuesday that week, there was little discussion surrounding a new set of ActiveX kill bits Microsoft also released. The update includes kill bits for third-party software applications Aurigma Image Uploader and HP Instant Support.

A kill bit is a security feature in Microsoft Internet Explorer. Not to be confused with Apple’s infamous iPhone kill switch, the kill bit prevents the Internet Explorer HTML-rendering engine from loading an ActiveX control. It does this through a registry setting, which is referred to as “setting the kill bit.”

After the kill bit is set, the control can never be loaded, even when it is fully installed, according to Microsoft. Setting the kill bit ensures that even if a vulnerable component is introduced or reintroduced to a system, it remains inert and harmless. Microsoft has issued kill bits for third-party software providers in past months, and continues to fill in the missing pieces.
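
As an added example (not from the original article or from Microsoft), the registry setting described above can be audited offline from `reg export` output: the kill bit is the 0x00000400 bit of the `Compatibility Flags` value under the control's CLSID in Internet Explorer's `ActiveX Compatibility` key. The CLSIDs and the export text below are constructed placeholders, not the Aurigma or HP controls, and the function names are this example's own.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that stops IE loading the control
# Native view, plus the WOW6432Node view read by 32-bit IE on 64-bit Windows.
VIEWS = {
    "\\software\\microsoft\\internet explorer\\activex compatibility\\": "native",
    "\\software\\wow6432node\\microsoft\\internet explorer\\activex compatibility\\": "wow64",
}
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE(\\.+\\)(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

def parse_flags(reg_text):
    """Map (view, CLSID) -> Compatibility Flags from `reg export` text."""
    flags, current = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("["):
            key = KEY_RE.match(line)
            view = VIEWS.get(key.group(1).lower()) if key else None
            current = (view, key.group(2).upper()) if view else None
            if current:
                flags.setdefault(current, 0)  # key exists; value may be absent
        elif current and (value := FLAGS_RE.match(line)):
            flags[current] = int(value.group(1), 16)
    return flags

def audit(reg_text, clsids):
    """Return {(CLSID, view): 'killed' | 'not-killed' | 'missing'}."""
    flags = parse_flags(reg_text)
    report = {}
    for clsid in (c.upper() for c in clsids):
        for view in ("native", "wow64"):
            value = flags.get((view, clsid))
            state = "missing" if value is None else "killed" if value & KILL_BIT else "not-killed"
            report[(clsid, view)] = state
    return report

# Constructed export; the CLSIDs are placeholders, not the Aurigma or HP controls.
CLSID_A = "{00000000-0000-0000-0000-0000000000A1}"
CLSID_B = "{00000000-0000-0000-0000-0000000000B2}"
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000A1}]
"Compatibility Flags"=dword:00000020
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-0000000000B2}]
"Compatibility Flags"=dword:00800400
"""
```

Calling `audit(SAMPLE, [CLSID_A, CLSID_B])` reports a control as "killed" only in the registry views where the bit is actually set, so a control blocked for 64-bit Internet Explorer but still loadable by the 32-bit browser shows up as a gap.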

Playing By the Rules

Local ActiveX controls and browser plug-ins marked safe for scripting are supposed to play by certain rules, like not downloading and running executable payloads or changing security settings on the local machine, according to Paul Zimski, vice president of defense solutions at Lumension Security.

If you have a vulnerable plug-in that is trusted by the browser, it’s fairly easy to write some malicious HTML and get the browser to feed poor directions to carry out an attack, he said.

“Because that type of attack requires the browser to interact with the already local ActiveX plug-in, there are basically two ways to eliminate these kinds of issues. One, fix the vulnerable plug-in, or two, tell the browser to stop talking to it. The kill-bit does the latter,” Zimski said. “Microsoft seems to be stepping up to the plate by issuing kill bits for…

Original post by Mike
