We help IT Professionals succeed at work.

Does the Kill-BIT security patches related only for Internet explorer and Microsoft office?

Dear experts,

Assuming that Internet explorer is block on a specific server (cannot be used) and Microsoft office isn’t installed on the server  can we ignore security patches that are related to “Kill-Bit” ?
From the Kill-Bit FAQ:
The Kill-Bit is respected in Internet Explorer (all zones) and also in Microsoft Office scenarios where objects are embedded within documents. The Kill-Bit should also be effective by default in any other application or platform that hosts the IE browser’s rendering engine (MSHTML). A notable exception are HTAs – with an HTA it is already possible to load unsafe controls and run arbitrary code. HTAs are an unsafe file type.

http://blogs.technet.com/b/srd/archive/2008/02/06/the-kill_2d00_bit-faq_3a00_-part-1-of-3.aspx
Comment
Watch Question

Commented:
As far as the internet explorer is disabled no need of installing the security update for Kill-Bit. But it is better to install the update.

Information:

The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for three third-party ActiveX controls.

This security update is rated Critical for all supported editions of Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003 (except Itanium-based editions), Windows Server2008 (except Itanium-based editions), and Windows Server 2008 R2. For Itanium-based editions of Windows Server 2003 and Windows Server 2008, this security update has no severity rating.

TolomirAdministrator
BRONZE EXPERT
Top Expert 2005

Commented:
IE provides an api for all applications, so it can be used by any program on the server.

If there is no Internet access possible for that server you should be safe. Blocking IE is not enough though.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.