Ryan Smith, one of the researchers who found the bug in the Microsoft MsVidCtl DLL that the vendor is rushing to patch this week, has posted a short video demonstration of a technique that bypasses the stop-gap solution of preventing the vulnerable ActiveX control from loading. The demo shows Smith using a new tool called Killbit Visualizer to log the IDs of killbits that are specifically allowed or denied. He is then able to get around the killbit protection on the vulnerable video control and cause the calculator to start on the machine.
Source: https://threatpost.com/researcher-shows-killbit-no-defense-msvidctl-flaw-072709/73016/