Date: 13 June 2008
Click here for printable version
Greetings all,
This months' Microsoft patches included a hotfix which sets the killbit for a
third party Active X control produced by BackWeb [1]. The name may not sound
familiar, but this component is actually used in the Logitech Desktop Messenger.
If you are a user of Logitech products, it is possible that you have this
vulnerable Active X control installed on your system. This issue is mitigated
by the Microsoft patch [2], preferably download the new version of Logitech
Desktop Messenger from the Logitec website [3].
Without going into too much detail, the kill bit is only a mitigation for
inappropriate use of ActiveX and other COM controls. I recommend reading the
Microsoft three part FAQ on kill bits. [4][5][6] If you are a software
developer and need to request Microsoft to distribute a kill bit patch for
you, you can email them a request.
Regards,
Zane
[1] http://www.auscert.org.au/9444
[2] http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx
[3] http://www.logitech.com/index.cfm/494/3041
[4] http://blogs.technet.com/swi/archive/2008/02/06/The-Kill_2D00_Bit-FAQ_3A00_-Part-1-of-3.aspx
[5] http://blogs.technet.com/swi/archive/2008/02/07/The-Kill_2D00_Bit-FAQ_3A00_-Post-2-of-3.aspx
[6] http://blogs.technet.com/swi/archive/2008/02/08/The-Kill_2D00_Bit-FAQ_3A00_-Part-3-of-3.aspx
|