Microsoft Adds ActiveX Fix For Monster Patch Release

Microsoft issued a cumulative fix with a new set of ActiveX Kill Bits, which it added to the long list of security bulletins for its Patch Tuesday security update released earlier this week.

The revised update for ActiveX follows a few days after Microsoft released a mammoth 11 security bulletins Tuesday, six of which repaired critical vulnerabilities in both Microsoft Office and Internet Explorer that could enable an attacker to execute malicious code remotely if exploited.

Altogether the critical patches fixed errors found in Windows Image Color Management System, ActiveX control, Microsoft Excel, and Microsoft PowerPoint, Microsoft Office filters and Internet Explorer.

Meanwhile, the ActiveX Kill Bit update affects numerous versions of Windows, including XP, Vista, Windows Server 2003 and Windows Server 2008.

The latest revision of the update includes kill bits for third-party software. A kill bit is an Internet Explorer security feature that helps prevent an ActiveX control from being loaded by the Internet Explorer HTML-rendering engine.

Altogether, the update, which resets the kill bits, addresses security vulnerabilities found in the Aurigma Image Uploader and the HP Instant Support.

Unlike security bulletins typically released during its monthly update cycle, Microsoft issued this security update in an advisory, rather than a bulletin, and did not provide a security rating, due to the fact that ActiveX is a third-party control and not owned by Microsoft.

Microsoft advises that users install the patch as soon as possible, which can be found on the Microsoft Web site. Meanwhile, users can also apply some workarounds, which include setting the kill bit for the control in the registry.

Tweet

   

More Security