Kill Bits

[Flaviana Bresee]

Killbitis a security feature in web browsers based on Microsoft's Trident engine (such as Internet Explorer) and other ActiveX containers that respect the killbit (such as Microsoft Office). A killbit instructs an ActiveX control container never to use a specific piece of ActiveX software, whether third-party or Microsoft, as identified by its class identifier (CLSID).

The main purpose of a killbit is to close security holes. If a vendor discovers that there is a security hole in a specific version of an ActiveX control, they can request that Microsoft put out a "killbit" for it. Killbit updates are typically deployed to Microsoft Windows operating systems via Windows Update.

A flag in the Windows Registry identifies a CLSID as unsafe. The CLSID (a type of a GUID) acts as a serial number for the software in question. It must exist for each piece of software that behaves as an ActiveX control. If an ActiveX container finds that the CLSID of a killbit entry matches the CLSID of the software, the software is blocked from running in the ActiveX container. If a vendor wants to release an updated version then they release it with a different CLSID.

It is not the Kill() call that fails, it is the foreach on process.Modules. Which is very problematic in a 32-bit process when the target process is 64-bit, this doesn't get emulated perfectly in the Wow64 emulation layer. That's surely a //TODO comment somewhere in the Windows source code with good odds that it just can't easily be implemented.

You'll have to make do with the Process.Name property. Or change your project's Target platform setting in the Compile tab to AnyCPU so that you'll run as a 64-bit process as well. Using the Modules property like you do doesn't otherwise make the code any safer, you are just as likely to kill the wrong process.

Use Process.GetProcessesByName(), which will in most cases by identical to looking for the name of (main) module. You will still have to deal with the fact, that this will return multiple processes,so you may or may not want to kill all of them, but, YMMV.

Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\3A2B370C-BA0A-11D1-B137-0000F8753F5D]

"Compatibility Flags"=dword:00800000[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\1E216240-1B7D-11CF-9D53-00AA003C9CB6]

"Compatibility Flags"=dword:00800000[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\248DD896-BB45-11CF-9ABC-0080C7E7B78D]

"Compatibility Flags"=dword:00800000[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\B09DE715-87C1-11D1-8BE3-0000F8754DA1]

"Compatibility Flags"=dword:00800000[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\C932BA85-4374-101B-A56C-00AA003668DC]

"Compatibility Flags"=dword:00800000[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\CDE57A43-8B86-11D0-B3C6-00A0C90AEA82]

"Compatibility Flags"=dword:00800000[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\0ECD9B64-23AA-11D0-B351-00A0C9055D8E]

"Compatibility Flags"=dword:00800000[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\6262D3A0-531B-11CF-91F6-C2863C385E30]

"Compatibility Flags"=dword:00800000

Dik Hogeweide wrote:Word 2003 crashes or fails to run macros after Windows Update last night

10-Mar-09Word fails to excecute the winsck.ocx. It does not even show up in the file anymore, attempting to put it back generates the error that it is not registered correctly.All changes in the security to allow activex components did not help.

Uninstall the kb960715 patch just restores as it was before.Probably one of these patches the world did not asked for.DikPrevious Posts In This Thread:On Wednesday, February 11, 2009 1:14 PM

Brian Knittel wrote:Word 2003 crashes or fails to run macros after Windows Update last night

On two different systems that installed a Windows Update last night, Word

2003 no longer runs macros that worked yesterday.On Vista SP1 64-bit, Word 2003 faults and quits. The exact statement that

causes the crash varies.

On XP Pro SP3, the same macro package just stops with run-time error 361,

"Can't load or unload

this object." loading a form.On Vista, the macro application worked again after rolling back to the

system restore point taken at 3AM today.

I haven't rolled XP back yet. I can see only three updates installed last

night: Security Update for Windows XP (KB960715)

Security Update for Windows Internet Explorer 7 (KB961260)

Update for Outlook 2003: Junk E-mail Filter (KB959614)

Anyone else seeing issues with Word 2003 today?BrianOn Wednesday, February 11, 2009 2:15 PM

Brian Knittel wrote:The macro application uses an MSFlexGrid control in a form, and it looks like

The macro application uses an MSFlexGrid control in a form, and it looks

like one of last night's updates included a kill bit for the FlexGrid

control. That may explain part of the problem. But Word shouldn't be

crashing outright.On Thursday, February 12, 2009 5:50 AM

Terry Farrell wrote:If this was due to the updates, you should call Microsoft and make a support

If this was due to the updates, you should call Microsoft and make a support

call. All support calls for update bugs are free of charge.--

Terry Farrell - MSWord MVPOn Friday, February 13, 2009 3:12 PM

Brian Knittel wrote:I don't know if they'd be interested in hearing about it.

I don't know if they'd be interested in hearing about it. Technically

speaking, the update didn't directly cause the problem. The update installed

a kill bit (disabled) an old version of the MSFlexGrid ActiveX control. With

the control disabled, Word crashed when it tried to instantiate the ActiveX

object in a form. The bug is in Word or VBA, and it's a generic problem

(handling of controls with kill bits) as opposed to something specific about

this particular update.And, again technically speaking, it's my responsibility to have known that

the MSFlexGrid control was updated last October, and I should have

downloaded it and installed it before this kill bit came along.Much worse things happened yesterday in the aftermath. I had a *heck* of a

time getting the application going again even after installing the updated

version of msflxgrd.ocx (obtained finally via a FoxPro hotfix. Microsoft

won't give this updated control away easily). Word simply refused to run the

form, saying that there was a missing object reference. I got the error

"Object library invalid or contains references to object definitions that

could not be found." In the References dialog, though, nothing said

"MISSING".What it turned out to be was that the FlexGiid object had been registered

both machine-wide and specifically for my user account (that is, both under

HKEY_CLASSES_ROOT and in HKEY_CURRENT_USER\Software\Classes). I'm not sure

how this came to be, whether I ran regsvr32 under my own account before or

after installing the hotfix, or if the hotfix installer did it, or what, but

the upshot was that the damn thing would not instantiate until I deleted the

entries for the flexgrid control under HKEY_CURRENT_USER\Software\Classes.

It was just chance that I tried running the application as Administrator and

found that it worked; otherwise I would never have thought to look there.Anyway -- one lesson here is that when you can't get an ActiveX control to

work in VBA or a Word or Excel macro form, check the registry to see if

HKEY_CURRENT_USER\Software\Classes has a definition for the control. It

probably should not. Controls should be registered by Administrator only,

and the definitions should be in HKEY_CLASSES_ROOT.On Wednesday, February 18, 2009 2:49 PM

VenkatatCincy wrote:Right now I am on your shoe and not only me many of my users having sameissue,

Right now I am on your shoe and not only me many of my users having same

issue, helpdesk doesn't want to change the registry file, is there any

workaround to solve this issue.

We are using MSFlexGrid ActiveX Control in Excel, when I try to debug we are

getting Compile Error, variable not defined at MSFlexGrid. Could you please

help me if you find solution.

Thanks in Advance,

V

Brian Knittel wrote:On Wednesday, February 18, 2009 5:19 PM

Terry Farrell wrote:The current solution is to uninstall update KB 960715.

The current solution is to uninstall update KB 960715.--

Terry Farrell - MSWord MVPOn Tuesday, March 10, 2009 12:13 PM

Dik Hogeweide wrote:Word 2003 crashes or fails to run macros after Windows Update last night

Word fails to excecute the winsck.ocx. It does not even show up in the file anymore, attempting to put it back generates the error that it is not registered correctly.All changes in the security to allow activex components did not help.

Uninstall the kb960715 patch just restores as it was before.Probably one of these patches the world did not asked for.Dik

Submitted via EggHeadCafe - Software Developer Portal of Choice

WPF Custom Validation Using the Enterprise Library

-d7f3-4e00-9aec-33ef1ec7d1a3/wpf-custom-validation-usi.aspx

How long will a dunk last? One dunk treats 100 square feet of water for at least 30 days, says the package. Buckets have fewer than 2 square feet of water, so I break one dunk into 4 parts.

Each 1/4 dunk lasts longer than 30 days, but it is easier to simply add a new 1/4 on the first day of each month.*

Black has long been considered an attractive color for mosquitoes, and a recent article (linked below) confirms this, but also tests other colors. Winners are black, red, orange, cyan. High contrast is also good.

Hello! My bucket of doom has been going for about a month. It is absolutely fascinating to see it in action. Eggs have hatched and there are little beings swimming in the water. I have half of a mosquito dunk in the bucket. To be certain I am doing this correctly, will there be some larvae alive in the water for a short time before they die? Or should the dunk kill the larvae upon hatching? I do not want my bucket of doom to be a mosquito factory.

3a8082e126