SupportSoft Active X fixed

Published: 2007-02-24
Last Updated: 2007-02-25 16:49:25 UTC
by Swa Frantzen (Version: 4)
SupportSoft's ActiveX control, which provides remote assistance among other functions, has been updated to fix a security issue that leads to remote code execution.
Security products affected:
But do note there are many more sources for these controls to sneak in through.

Therefore we highly recommend future-proofing by applying the workarounds, so that the control cannot be used even if something reinstalls it at some point in the future.

Consider disabling ActiveX for everything except Windows Update and/or setting the killbit for each CLSID in this list:
    {01010200-5e80-11d8-9e86-0007e96c65ae}
    {01010e00-5e80-11d8-9e86-0007e96c65ae}
    {01011300-5e80-11d8-9e86-0007e96c65ae}
    {01013A00-5E80-11D8-9E86-0007E96C65AE}
    {01013B00-5E80-11D8-9E86-0007E96C65AE}
    {01013C00-5E80-11D8-9E86-0007E96C65AE}
    {01013D00-5E80-11D8-9E86-0007E96C65AE}
    {01013F00-5E80-11D8-9E86-0007E96C65AE}
    {01014000-5E80-11D8-9E86-0007E96C65AE}
    {01014100-5E80-11D8-9E86-0007E96C65AE}
    {01014B00-5E80-11D8-9E86-0007E96C65AE}
    {01111c00-3e00-11d2-8470-0060089874ed}
    {01111e00-3e00-11d2-8470-0060089874ed}
    {01111f00-3e00-11d2-8470-0060089874ed}
    {01112500-3e00-11d2-8470-0060089874ed}
    {01112800-3e00-11d2-8470-0060089874ed}
    {01113300-3e00-11d2-8470-0060089874ed}
    {01114200-3e00-11d2-8470-0060089874ed}
    {01114300-3e00-11d2-8470-0060089874ed}
    {01114400-3e00-11d2-8470-0060089874ed}
    {01114500-3e00-11d2-8470-0060089874ed}
    {01114600-3e00-11d2-8470-0060089874ed}
    {01114700-3e00-11d2-8470-0060089874ed}
    {01114800-3e00-11d2-8470-0060089874ed}
    {01116e00-3e00-11d2-8470-0060089874ed}
A .reg file for setting these killbits can be downloaded; use at your own risk.

--
Swa Frantzen -- NET2S
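
To verify that the killbits listed above are actually in place on a machine, and to set any that are missing, a PowerShell script along these lines can be used. It is an added example, not part of the original diary or its downloadable .reg file; the `-Set` switch and the variable names are assumptions of this example, and it relies on the kill bit being the 0x400 flag in the `Compatibility Flags` value under the `ActiveX Compatibility` registry key.

```powershell
# Added example (not from the diary): audit, and with -Set apply, the kill bit for the listed CLSIDs.
# The kill bit is the 0x400 flag in the "Compatibility Flags" DWORD of
# HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
param([switch]$Set)   # hypothetical switch name; without it the script only reports

$KillBit = 0x400
# CLSIDs from the diary's list, grouped by shared suffix; each one is {<prefix>00-<suffix>}.
$families = [ordered]@{
    '5e80-11d8-9e86-0007e96c65ae' = '010102','01010e','010113','01013A','01013B','01013C',
                                    '01013D','01013F','010140','010141','01014B'
    '3e00-11d2-8470-0060089874ed' = '01111c','01111e','01111f','011125','011128','011133','011142',
                                    '011143','011144','011145','011146','011147','011148','01116e'
}
$clsids = foreach ($suffix in $families.Keys) {
    foreach ($prefix in $families[$suffix]) { "{${prefix}00-$suffix}" }
}

# On 64-bit Windows, 32-bit Internet Explorer reads the Wow6432Node copy, so check both views.
$roots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' |
         Where-Object { Test-Path (Split-Path $_ -Parent) }

$report = foreach ($root in $roots) {
    foreach ($clsid in $clsids) {
        $key    = Join-Path $root $clsid
        $flags  = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                       -ErrorAction SilentlyContinue).'Compatibility Flags'
        $killed = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
        if (-not $killed -and $Set) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # Keep any flags already present and OR in the kill bit.
            Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Type DWord `
                -Value ($flags -bor $KillBit)
            $killed = $true
        }
        [pscustomobject]@{ Key = $key; KillBitSet = $killed }
    }
}
$report | Format-Table -AutoSize
```

Writing under HKLM requires an elevated prompt, so `-Set` only takes effect when run as an administrator; the report-only mode works for any user.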