Killbit
The kill bit (also written killbit or kill-bit) is an entry in the Windows registry that prevents the activation of software components (COM components, especially ActiveX controls) that have vulnerabilities. The kill bit supports a software-engineering method that was introduced in Microsoft operating systems (especially MSHTML).
Demarcation
The kill bit is not a bit, but a 4-octet value named "Compatibility Flags" with the data type REG_DWORD in the Windows registry.
Application and mode of action
Software can support the underlying method by preventing the instantiation or execution of a COM component, regardless of other requirements, when the following conditions are met:
- The registry contains the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID
- On 64-bit operating systems, also the key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\CLSID
- In both paths, CLSID stands for the identification number of the component.
- Under this path, the value "Compatibility Flags" is set to 0x00000400.
Software that supports the kill bit
- MSHTML ( excluding HTAs )
- Microsoft Office
- Internet Explorer
Example
The ActiveX control with CLSID {73BCFD0F-0DAA-4B21-B709-2A8D9D9C692A} has a "Compatibility Flags" entry in the Windows registry with the value 0x00000400. Because Internet Explorer supports this method, the control is not executed, even if it is embedded in an HTML file that is opened (not to be confused with HTAs).
Solution for locked components
If a developer delivers a new, corrected version of an ActiveX component that is blocked by a kill bit, the new version has to be given a new CLSID. The so-called Phoenix bit lets websites and applications use this new version even though they know only the old CLSID. It is another registry entry in the same place that defines an alternative CLSID for the blocked component: the CLSID of the new version. The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\<CLSID> then contains the entries for both the kill bit ("Compatibility Flags = 0x00000400 (1024)") and the Phoenix bit ("AlternateCLSID = <new CLSID>").
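The conditions listed under "Application and mode of action" and the Phoenix bit entry described above can be audited from a registry export. The following is an added example, not part of the original article: a Python parser for the text of a .reg export that reports, per CLSID, whether the kill bit is set under each of the two paths and which AlternateCLSID is registered. The sample export, the AlternateCLSID placeholder and the function names are constructed for illustration; testing 0x400 as a mask rather than by equality is an assumption.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" value given in the article
ROOTS = {  # the two registry paths named in the article
    "native": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility",
    "wow6432": r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility",
}
KEY_RE = re.compile(r"^\[(.+)\\(\{[0-9A-Fa-f-]{36}\})\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(dword:([0-9A-Fa-f]{8})|"(.*)")$')

# Constructed sample export; the AlternateCLSID is a placeholder, not a real component.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{73BCFD0F-0DAA-4B21-B709-2A8D9D9C692A}]
"Compatibility Flags"=dword:00000400
"AlternateCLSID"="{00000000-0000-0000-0000-000000000001}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{73BCFD0F-0DAA-4B21-B709-2A8D9D9C692A}]
"Compatibility Flags"=dword:00000000
'''

def parse_killbits(reg_text):
    """Return {CLSID: {view: {"killed": bool, "alternate": str or None}}}."""
    result, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            current = None  # values that follow belong to this new key
            key = KEY_RE.match(line)
            for view, root in ROOTS.items():
                if key and key.group(1).lower() == root.lower():  # paths are case-insensitive
                    current = result.setdefault(key.group(2).upper(), {}).setdefault(
                        view, {"killed": False, "alternate": None})
            continue
        val = VAL_RE.match(line)
        if val is None or current is None:
            continue
        name = val.group(1).lower()
        if name == "compatibility flags" and val.group(3):
            # Assumption: checked as a mask so other bits in the DWORD do not hide it.
            current["killed"] = bool(int(val.group(3), 16) & KILL_BIT)
        elif name == "alternateclsid" and val.group(4) is not None:
            current["alternate"] = val.group(4).upper()  # Phoenix bit
    return result

def gaps(state):
    """CLSIDs whose kill bit is set under only one of the two paths."""
    def killed(views, view): return bool(views.get(view, {}).get("killed"))
    return sorted(c for c, v in state.items() if killed(v, "native") != killed(v, "wow6432"))
```

On the constructed sample, `gaps(parse_killbits(SAMPLE))` reports the CLSID because the kill bit is present under the first path only.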