We're noticing the following HIPS event occurs regularly on the same PC:
Event ID 18000
Threat Names: 2846
Event Category: Host intrusion (hip.Illegal_API_Use)
Event Description: Host intrusion detected and handled
Threat source process name: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Threat Type: bad_parameter
Action Taken: Blocked
Threat Severity: Critical
Vulnerability Name: Vulnerable ActiveX Control Loading A
Parameter passed to API is 19916E01-B44E-4E31-94A4-4696DF46157B
We have confirmed workstation already has the patch ms13-090 https://support.microsoft.com/en-us/kb/2900986 which is supposed to put in the kill bit for this particular Active X control so we're wondering if somebody could shed some light into why this event occurring. Is HIPS picking it up before the kill bit is recognized?
Thanks for your help!