cancel
Showing results for 
Search instead for 
Did you mean: 
McDuff
Level 10

HIPS Event 2846 Occuring on Active X Control with Kill Bit Already Set


Hi

We're noticing the following HIPS event occurs regularly on the same PC:

Event ID 18000

Threat Names: 2846

Event Category:  Host intrusion (hip.Illegal_API_Use)

Event Description:  Host intrusion detected and handled

Threat source process name:  C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

Threat Type:  bad_parameter

Action Taken:  Blocked

Threat Severity:  Critical

APIName:  CompatFlagsFromclsid

Vulnerability Name:  Vulnerable ActiveX Control Loading A

Parameter passed to API is 19916E01-B44E-4E31-94A4-4696DF46157B

We have confirmed  workstation already has the patch ms13-090 https://support.microsoft.com/en-us/kb/2900986 which is supposed to put in the kill bit for this particular Active X control so we're wondering if somebody could shed some light into why this event occurring.  Is HIPS picking it up before the kill bit is recognized?

Thanks for your help!

0 Kudos