Vulnerability

(MS13-090) Cumulative Security Update of ActiveX Kill Bits (2900986)

Publish date: November 21, 2013

CVE-2013-3918

SEVERITY

CRITICAL

//  ADVISORY DATE

21 NOV 2013


DESCRIPTION

A vulnerability exists in the InformationCardSigninHelper Class ActiveX control of the ActiveX Kill Bits component. This update resolves that vulnerability by not allowing it to run in Internet Explorer. Users with administrator privileges on the vulnerable computer are more affected than accounts with lesser access configurations.

SOLUTION

AFFECTED SOFTWARE AND VERSION

  • Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems Service Pack 2
  • Windows 7 for 32-bit Systems Service Pack 1
  • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
  • Windows 8 for 32-bit Systems
  • Windows 8 for x64-based Systems
  • Windows 8.1 for 32-bit Systems
  • Windows 8.1 for x64-based Systems
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows RT
  • Windows RT 8.1

Featured Stories

Connect with us on