Detections
Analytics
MS KB3118753: Update for ActiveX Kill Bits
critical Nessus Plugin ID 87893
Language:
Synopsis
The remote Windows host is missing an update that disables selected ActiveX controls.Description
The remote Windows host is missing one or more kill bits for ActiveX controls that are known to contain vulnerabilities.If any of these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose the host to various security issues.
Note that the affected controls are from third-party vendors that have asked Microsoft to prevent their controls from being run in Internet Explorer.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, RT, 2012, 8.1, RT 8.1, 2012 R2, and 10.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2016/3118753
Plugin Details
Severity: Critical
ID: 87893
File Name: smb_kb3118753.nasl
Version: 1.9
Type: local
Agent: windows
Family: Windows
Published: 1/13/2016
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
CVSS Score Rationale: Listed as critical by vendor.
CVSS v2
Risk Factor: High
Base Score: 9.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: manual
CVSS v3
Risk Factor: Critical
Base Score: 10
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/o:microsoft:windows
Required KB Items: SMB/MS_Bulletin_Checks/Possible, SMB/IE/Version
Patch Publication Date: 1/12/2016
Vulnerability Publication Date: 1/12/2016
Reference Information
MSKB: 3118753