Disabling an ActiveX

Hello readers, Mike Reavey here.

There has been a fair amount of attention around the “Sony XCP software” over the last several days. As you may know from the anti-malware blog, Windows Defender and Windows AntiSpyware Beta have included detection and removal for the rootkit component of this software. However, there are also some questions regarding the ActiveX control that Sony released to allow removal of the rootkit. It has been reported that this ActiveX control contains vulnerabilities.

We wanted to remind customers that they can block any specific ActiveX control from running in Internet Explorer themselves. All that’s needed is to set a registry entry called a “kill-bit.” Information on how to do this is in the following KB: http://support.microsoft.com/kb/240797. Our investigation shows that this ActiveX control uses the CLSIDs {80E8743E-8AC5-46F1-96A0-59FA30740C51} and {4EA7C4C5-C5C0-4F5C-A008-8293505F71CC}. We’d like to remind customers that while they need to be careful when editing the registry, the kill-bit mechanism can help protect them from any risks associated with this ActiveX control. We’ll continue to monitor this issue and provide recommendations as they become available.

*This posting is provided “AS IS” with no warranties, and confers no rights.*