Killbit
{{Short description|Security feature in Microsoft browsers}}
Killbit is a security feature in web browsers based on Microsoft's Trident engine (such as Internet Explorer) and other ActiveX containers that respect the killbit (such as Microsoft Office). A killbit instructs an ActiveX control container never to use a specific piece of ActiveX software, whether third-party or Microsoft, as identified by its class identifier (CLSID).
The main purpose of a killbit is to close security holes. If a vendor discovers that there is a security hole in a specific version of an ActiveX control, they can request that Microsoft put out a "killbit" for it. Killbit updates are typically deployed to Microsoft Windows operating systems via Windows Update.
Implementation
A flag in the Windows Registry identifies a CLSID as unsafe. The CLSID (a type of GUID) acts as a serial number for the software in question, and one must exist for each piece of software that behaves as an ActiveX control. If an ActiveX container finds that the CLSID of a killbit entry matches the CLSID of the software, the software is blocked from running in that container. A vendor that wants to release an updated version releases it with a different CLSID.
Internet Explorer's HTML application host also respects the killbit when processing the OBJECT tag in HTML, but not when processing scripts in HTML.
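The registry check described above, as an added example that is not part of the original article: a Python audit of a `reg export` text dump that reports which CLSIDs on a required list do not have the killbit set. The key path and the 0x00000400 `Compatibility Flags` value come from Microsoft KB240797 (linked below) rather than from the article text; the CLSIDs and the sample export are constructed placeholders.

```python
import re

# Registry location and flag value per Microsoft KB240797; the article itself
# only says "a flag in the Windows Registry". Suffix also matches Wow6432Node.
COMPAT_KEY = r"\Microsoft\Internet Explorer\ActiveX Compatibility"
FLAGS_VALUE = "compatibility flags"
KILLBIT = 0x00000400

SECTION = re.compile(r"^\[(.+)\\(\{[0-9A-Fa-f-]{36}\})\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{1,8})$')

def parse_flags(reg_text):
    """Map each CLSID under ActiveX Compatibility to its Compatibility Flags."""
    flags, clsid = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            m = SECTION.match(line)
            in_scope = m and m.group(1).lower().endswith(COMPAT_KEY.lower())
            clsid = m.group(2).upper() if in_scope else None
            if clsid:
                flags.setdefault(clsid, 0)  # key present, flag value may be missing
            continue
        m = DWORD.match(line)
        if clsid and m and m.group(1).lower() == FLAGS_VALUE:
            flags[clsid] = int(m.group(2), 16)
    return flags

def missing_killbits(reg_text, required_clsids):
    """Return required CLSIDs whose killbit is not set in the export."""
    flags = parse_flags(reg_text)
    return sorted(c.upper() for c in required_clsids
                  if not flags.get(c.upper(), 0) & KILLBIT)

# Constructed sample export (placeholder CLSIDs, not real controls).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00800400
"""

REQUIRED = ["{%s}" % "-".join(d * n for n in (8, 4, 4, 4, 12)) for d in "1234"]

if __name__ == "__main__":
    print(missing_killbits(SAMPLE, REQUIRED))
```

Real `reg export` files are UTF-16 encoded, so decode them before passing the text in. A CLSID that is absent from the export is reported as missing, the same as one whose flag is present but clear.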
External links
- [http://support.microsoft.com/kb/240797 Microsoft KB240797]: How to stop an ActiveX control from running in Internet Explorer (August 24, 2007)
- [https://web.archive.org/web/20090408064457/http://blogs.technet.com/srd/archive/2008/02/06/The-Kill_2D00_Bit-FAQ_3A00_-Part-1-of-3.aspx Microsoft Technet]: The Kill-Bit FAQ
Category:Microsoft Windows security technology