MS-ISAC ADVISORY NUMBER:
2008-015
DATE(S) ISSUED:
4/9/2008
SUBJECT:
Security Update of ActiveX Kill Bits
Microsoft has released a security update which addresses a vulnerability discovered in one Microsoft ActiveX control. ActiveX controls are small programs or animations that are downloaded by or embedded in Web pages, typically to enhance functionality and the user experience. Many web design and development tools have built ActiveX support into their products, allowing developers to both create and make use of ActiveX controls in their programs. There are more than 1,000 existing ActiveX controls available for use today.
When vulnerabilities are discovered in ActiveX controls, attackers may use specially crafted web pages to exploit them. Successful exploitation will result in an attacker gaining the same privileges as the logged-on user. If the user is logged in with administrator privileges, the attacker will have complete control of the affected system: installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
SYSTEMS AFFECTED:
- Microsoft Windows 2000 Advanced Server Service Pack 4
- Microsoft Windows 2000 Datacenter Server Service Pack 4
- Microsoft Windows 2000 Professional Server Service Pack 4
- Microsoft Windows 2000 Server Service Pack 4
- Microsoft Windows 2003 Service Pack 4
- Microsoft Windows XP Service Pack 4
- Microsoft Windows XP Professional x64
- Microsoft Windows XP Professional x64 Service Pack 2
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 x64 Service Pack 1
- Microsoft Windows Server 2003 x64 Service Pack 2
- Microsoft Windows Server 2003 SP1 for Itanium-Based Systems
- Microsoft Windows Server 2003 SP2 for Itanium-Based Systems
- Microsoft Windows Vista
- Microsoft Windows Vista Service Pack 1
- Microsoft Windows Vista x64
- Microsoft Windows Vista Service Pack 1 x64
- Microsoft Windows Server 2008
- Microsoft Windows Server 2008 x64
- Microsoft Windows Server 2008 for Itanium-Based Systems
RISK:
Government:
Large and medium government entities: High
Small government entities: High
Businesses:
Large and medium business entities: High
Small business entities: High
Home users: High
DESCRIPTION:
The security update released by Microsoft addresses two ActiveX component vulnerabilities. The first of these components is a Microsoft ActiveX control, while the second is associated with the third-party Yahoo! Music Jukebox application.
Microsoft Internet Explorer includes a security feature which will prevent an ActiveX control from being loaded by using registry settings. This is commonly referred to as setting the 'kill bit' of an ActiveX component. Once the kill bit is set, the associated component can never be loaded.
This update will set the kill bits for the following Class Identifiers (CLSIDs):
| Class Identifier | File | Vendor |
| --- | --- | --- |
| {314111b8-a502-11d2-bbca-00c04f8ec294} | hxvz.dll | Microsoft |
| {314111c6-a502-11d2-bbca-00c04f8ec294} | hxvz.dll | Microsoft |
| {5f810afc-bb5f-4416-be63-e01dd117bd6c} | | Yahoo |
| {22fd7c0a-850c-4a53-9821-0b0915c96139} | | Yahoo |
The update does not contain any executable code. The update will only make the specified changes to the system registry to disable the associated controls.
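To confirm that the update took effect, the following PowerShell check (an added example, not part of the MS-ISAC advisory or of Microsoft's update) reads, for each CLSID listed above, the "Compatibility Flags" value that KB240797 documents under Internet Explorer's ActiveX Compatibility registry key and reports whether the kill bit (0x400) is set. It assumes a Windows host with PowerShell and checks both the native and the Wow6432Node key where present.

```powershell
# Added example: verify the MS08-023 kill bits on the local host.
# The kill bit is bit 0x400 of the "Compatibility Flags" DWORD under
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# (documented in KB240797, referenced by this advisory).

# CLSIDs taken from the advisory table above
$Clsids = @(
    '{314111b8-a502-11d2-bbca-00c04f8ec294}',
    '{314111c6-a502-11d2-bbca-00c04f8ec294}',
    '{5f810afc-bb5f-4416-be63-e01dd117bd6c}',
    '{22fd7c0a-850c-4a53-9821-0b0915c96139}'
)

# 32-bit and 64-bit Internet Explorer keep separate compatibility keys on x64
$BaseKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)
$KillBit = 0x400

function Test-KillBit {
    param([string]$Clsid, [string]$BaseKey)
    $keyPath = Join-Path $BaseKey $Clsid
    if (-not (Test-Path $keyPath)) {
        # No key at all: the control has no kill bit and remains loadable
        return [pscustomobject]@{ Clsid = $Clsid; Hive = $BaseKey; Flags = $null; KillBitSet = $false }
    }
    $flags = (Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue).'Compatibility Flags'
    $set = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    [pscustomobject]@{ Clsid = $Clsid; Hive = $BaseKey; Flags = $flags; KillBitSet = $set }
}

$results = foreach ($base in $BaseKeys) {
    # Skip the Wow6432Node path on 32-bit systems where it does not exist
    if (Test-Path $base) {
        foreach ($c in $Clsids) { Test-KillBit -Clsid $c -BaseKey $base }
    }
}
$results | Format-Table -AutoSize

# Any entry without the kill bit set can still be instantiated by IE
$missing = @($results | Where-Object { -not $_.KillBitSet })
if ($missing.Count -gt 0) {
    Write-Warning "Kill bit missing for $($missing.Count) entry/entries; apply MS08-023."
}
```

Run the script in an elevated PowerShell session after patching; every row should show KillBitSet = True for each base key that exists on the host.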
RECOMMENDATIONS:
We recommend that the following actions be taken:
- Apply the appropriate security update provided by Microsoft to vulnerable systems immediately after appropriate testing.
http://www.microsoft.com/technet/security/bulletin/MS08-023.mspx
- If you believe you have been affected by targeted attacks exploiting this vulnerability, please follow your organization's policies for incident reporting.
- Do not visit untrusted websites or follow links provided by unknown or untrusted sources.
REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS08-023.mspx
http://support.microsoft.com/kb/240797
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1086
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680
Secunia:
http://secunia.com/advisories/29714/
Yahoo:
http://help.yahoo.com/l/us/yahoo/music/jukebox/troubleshoot/securityupdate.html
This cyber advisory was issued by the Multi-State Information Sharing and Analysis Center (MS-ISAC) and was intended for government entities. The information may or may not be applicable to the general public and accordingly, the MS-ISAC does not warrant its use for any specific purposes.
