|
|
Microsoft Patch Week |
|
Date: 13 June 2008 Original URL: http://www.auscert.org.au/render.html?cid=7066&it=9453 Greetings all, This months' Microsoft patches included a hotfix which sets the killbit for a third party Active X control produced by BackWeb [1]. The name may not sound familiar, but this component is actually used in the Logitech Desktop Messenger. If you are a user of Logitech products, it is possible that you have this vulnerable Active X control installed on your system. This issue is mitigated by the Microsoft patch [2], preferably download the new version of Logitech Desktop Messenger from the Logitec website [3]. Without going into too much detail, the kill bit is only a mitigation for inappropriate use of ActiveX and other COM controls. I recommend reading the Microsoft three part FAQ on kill bits. [4][5][6] If you are a software developer and need to request Microsoft to distribute a kill bit patch for you, you can email them a request. Regards, Zane [1] http://www.auscert.org.au/9444 [2] http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx [3] http://www.logitech.com/index.cfm/494/3041 [4] http://blogs.technet.com/swi/archive/2008/02/06/The-Kill_2D00_Bit-FAQ_3A00_-Part-1-of-3.aspx [5] http://blogs.technet.com/swi/archive/2008/02/07/The-Kill_2D00_Bit-FAQ_3A00_-Post-2-of-3.aspx [6] http://blogs.technet.com/swi/archive/2008/02/08/The-Kill_2D00_Bit-FAQ_3A00_-Part-3-of-3.aspx |