SANS ISC: InfoSec Handlers Diary Blog

GUI Killbit App Available (UPDATE: CLI version too!)

Published: 2008-02-05
Last Updated: 2008-02-05 19:48:41 UTC
by Tom Liston (Version: 3)

I've put together a GUI killbit app that should easily allow you to set and clear the killbits for the ActiveX issues announced today.  It works like this:

  1. It first checks to see if any of the CLSIDs exist on your system
  2. If they do, it saves a copy of any values that you currently have set for "Compatibility Flags."
  3. It then updates its display to show you if the CLSID exists and if the killbit flag is set.
  4. To set the killbit, just check the box beside any ActiveX control that you want to keep from running and then click on the "Set" button.
  5. Our suggestion: set the killbit on all of the ActiveX controls unless you have a really good reason for not setting it.  Set the killbit even if you don't currently have the CLSID on your machine (indicating that the ActiveX control isn't currently installed... you never know when it MIGHT get installed...)
  6. Keep a copy of this program around (or at least remember where you got it) in case you want to undo the settings.
  7. Unchecking a checked box and clicking on "Set" will either remove the CLSID completely (if it wasn't there to begin with) or will reset "Compatibility Flags" to its original value.
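
The same check, save, set and restore workflow can be scripted for auditing or fleet deployment. The following PowerShell is an added example, not the source of the KillBit tools described here; it assumes the standard Internet Explorer killbit location and flag value (0x400), and the backup file path and the all-zero CLSID are placeholders.

```powershell
# Added example (not the KillBitGui/KillBitCLI source). Run from an elevated prompt.
$Base    = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$Name    = 'Compatibility Flags'
$KillBit = 0x400   # the killbit within "Compatibility Flags"
$Backup  = Join-Path $env:ProgramData 'killbit-backup.json'   # hypothetical location

function Get-KillBitState {            # steps 1 and 3: does the CLSID exist, is the bit set
    param([string[]]$Clsid)
    foreach ($c in $Clsid) {
        $key    = "$Base\$c"
        $exists = Test-Path -LiteralPath $key
        $flags  = if ($exists) { (Get-ItemProperty -LiteralPath $key).$Name }
        [pscustomobject]@{ Clsid = $c; KeyExists = $exists; Flags = $flags
            KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0) }
    }
}

function Set-KillBit {                 # steps 2 and 4: save the original, then set the bit
    param([string[]]$Clsid)
    $saved = @{}
    if (Test-Path -LiteralPath $Backup) {   # keep the first-seen originals
        (Get-Content -LiteralPath $Backup -Raw | ConvertFrom-Json).PSObject.Properties |
            ForEach-Object { $saved[$_.Name] = $_.Value }
    }
    foreach ($s in Get-KillBitState $Clsid) {
        if (-not $saved.ContainsKey($s.Clsid)) {
            $saved[$s.Clsid] = @{ KeyExisted = $s.KeyExists; Flags = $s.Flags }
        }
        $key = "$Base\$($s.Clsid)"
        if (-not $s.KeyExists) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord `
            -Value ([int]$s.Flags -bor $KillBit) -Force | Out-Null
    }
    $saved | ConvertTo-Json | Set-Content -LiteralPath $Backup
}

function Restore-KillBit {             # step 7: remove the key or reset the original value
    param([string[]]$Clsid)
    $saved = Get-Content -LiteralPath $Backup -Raw | ConvertFrom-Json
    foreach ($c in $Clsid) {
        $orig = $saved.$c; $key = "$Base\$c"
        if ($null -eq $orig) { continue }
        if (-not $orig.KeyExisted) { Remove-Item -LiteralPath $key -Recurse -Force }
        elseif ($null -eq $orig.Flags) { Remove-ItemProperty -LiteralPath $key -Name $Name }
        else { New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord -Value ([int]$orig.Flags) -Force | Out-Null }
    }
}

# Placeholder CLSID; substitute the ones from the vendor advisory.
# Set-KillBit '{00000000-0000-0000-0000-000000000000}'
```

On 64-bit Windows, 32-bit Internet Explorer reads the same key under `SOFTWARE\Wow6432Node`, so the killbit has to be set in both locations.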

The GUI version can be downloaded here.
(KillBitGui-Feb08.exe - 4096 bytes - MD5: 9428b9c3778b68e768448ca52c7d8dfd)

I'll try to put together a command-line version of this program this evening and make it available here tomorrow (U.S. time...).

UPDATE: Ok... so I got it done early... the command-line version is here.
(KillBitCLI-Feb08.exe - 4608 bytes - MD5: 30c151ab6de460f5844e9b5826495911)
Run it with no command-line parameters for usage instructions.

UPDATE2: There was an error in all of the early reporting for the CLSID of the Yahoo! Data Grid.  I've updated these applications accordingly.  The new executables have been posted and the MD5s listed above have been updated. -TL

Tom Liston - Senior Security Consultant - Intelguardians