[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 743
  • Last Modified:

AcitveX Killbits Listing

Hello all,
For one of my clients the canned EMR software cannot have the ActiveX Killbits updates from Microsoft or it will cause the screen on the software to not show up correctly.  
Is there a way to get a listing of all AcitveX Killbits that have been released from Microsoft for both Windows XP and Windows 7?
0
chillepod
Asked:
chillepod
1 Solution
 
gheistCommented:
dranzer from cert does listing and testing of activex controls.
secunia psi does scan for security updates for non-microsoft programs.
app vendor should be able to know which control is used and which update is needed to avoid blacklisting.
0
 
Rich RumbleSecurity SamuraiCommented:
http://support.microsoft.com/kb/240797 (see the bottom for kill-bit FAQ)Kill-bits are located in the registry:
x86 IE / x86 OS: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID of the ActiveX control

x64 IE / x64 OS: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID of the ActiveX control

x86 IE / x64 OS: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID of the ActiveX control
And they have a Compatibility Flag value of 0x00000400
Here is a simple query you can do:
From a command prompt:
Reg.exe QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility" /f 1024 /t REG_DWORD /s >c:\Output.txt
That will send all the output to a txt file called output.txt on your C:
Change the Registry path if needed, you can so do this against remote machines, see "reg.exe /?"  help if you need more syntax.
-rich
0
 
Darr247Commented:
For what it's worth, the kill bits update last week was KB2508272.

If you follow the IT Professionals link in that KB article to
http://www.microsoft.com/technet/security/bulletin/MS11-027.mspx
and expand the Third-Party Kill Bits section, it shows that update prevents the activex CLSID's

{CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA}
{7B297BFD-85E4-4092-B2AF-16A91B2EA103}
{4918D1BD-B497-4f2f-A429-3C3CD74694FE}
{B3F90F4F-B521-4c76-BE28-DB569320CB8F}
{4F496A52-13F7-483d-B5E2-0FC4AA567749}
{FA44198C-E0B3-4f10-8B77-F646EC7CE684}
{83F0C8F0-4900-4909-A0AD-A5BAAC432739}
{29851043-AA76-4efd-9232-4914DD0AD4A1}
{8469A9DE-A3BF-4218-A1D2-F19AA9EA1617}
{C679DECC-5289-4856-B504-74B11ADD424A}
{2C37C480-CEE3-11D1-82C3-0060089253D0}
{53655704-5956-11D3-91AA-005004B34F28}
{687F154E-1099-11D4-91F9-005004B34F28}
{6F225D94-9318-11D4-9223-005004B34F28}

from running in IE.

Anyway, you might want to contact the software's creators for a workaround.  Because overriding kill bits that prevent unauthenticated access could be a violation of HIPAA laws. (or maybe EMR means something other than electronic medical records?)
0
 
chillepodAuthor Commented:
That is what I was looking for.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now