Microsoft "kill bit" update kills third-party ActiveX controls

Microsoft issued “kill bit” updates for ActiveX controls from HP and a Washington state developer, the third time it's disabled third-party add-ons in the last four months. One security researcher linked the release to a new program Microsoft announced last week that's designed to help other vendors find and fix bugs in their own software. Microsoft […]

Microsoft issued “kill bit” updates for ActiveX controls from HP and a Washington state developer, the third time it's disabled third-party add-ons in the last four months. One security researcher linked the release to a new program Microsoft announced last week that's designed to help other vendors find and fix bugs in their own software.

Microsoft disabled ActiveX controls from two companies, Hewlett-Packard Co. and Tacoma, Wash.-based Aurigma Inc., in its kill bit update, according to the security advisory issued Wednesday. The update was released through Windows Update, but can also be downloaded from the Microsoft site.

Both companies have acknowledged vulnerabilities in their ActiveX controls, and have, in fact, patched those controls. The HP software that Microsoft killed Wednesday were older ActiveX controls associated with a customer support application bundled with some of its PCs; the program, dubbed "HP Instant Support," is meant to help users update key drivers and other HP software.

Full Article