
Microsoft Critical Product Vulnerability Alert July 30, 2009

Posted by Jim Locke in Alerts.

Glenn Osako, Microsoft’s Partner Territory Manager for the Western Region, has asked me to bring this Critical Vulnerability Alert to the attention of our members. Microsoft recommends that customers prepare their systems and networks to apply this security bulletin immediately to help ensure their computers are protected. Additionally, they recommend that partners patch their own systems and then reach out to their customers to ensure that their systems are secure.  Attached are details of the security advisory & guidance.

This alert is to provide you with an overview of the Microsoft Security Advisory 973882, released on Tuesday, July 28, 2009. This security advisory provides information about our ongoing investigation into vulnerabilities in the public and private versions of Microsoft’s Active Template Library (ATL). In the advisory, we provide information about what Microsoft is doing in its ongoing investigation into the issue described, and we also offer guidance to both developers and IT professionals.

  • Guidance for Developers (bulletin MS09-035): The Microsoft ATL is used by software developers to create controls or components for the Windows platform. Microsoft strongly recommends that developers who have built controls or components with ATL take immediate action to evaluate their controls for exposure to a vulnerable condition and follow the guidance provided to create controls and components that are not vulnerable. For more information on the vulnerabilities and guidance to address issues in ATL, see MS09-035, “Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution.”
  • Guidance for IT Professionals (bulletin MS09-034): To help better protect customers while developers update their components and controls, Microsoft has developed a new defense-in-depth technology. This new defense-in-depth technology built into Internet Explorer helps to protect customers from future attacks using the Microsoft Active Template Library vulnerabilities described in this Advisory and Microsoft Security Bulletin MS09-035. IT professionals should first assess and prepare their own systems, then help their customers deploy the Internet Explorer Security Update offered in Microsoft Security Bulletin MS09-034, “Cumulative Security Update for Internet Explorer.”

Please see below for important resources and a bulletin summary.

 Key Resources

Full text of Security Advisory 973882 http://www.microsoft.com/technet/security/advisory/973882.mspx

 New Bulletin Summary

| Bulletin ID | Maximum Severity Rating | Vulnerability Impact | Restart Requirement | Affected Software |
| Visual Studio (MS09-035) | Moderate | Remote Code Execution | Requires restart | Microsoft Visual Studio .NET 2003, Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, Microsoft Visual C++ 2005, and Microsoft Visual C++ 2008 |
| Internet Explorer (MS09-034) | Critical | Remote Code Execution | Requires restart | Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 |


Regarding Information Consistency

We recommend that Microsoft partners use the Microsoft TechNet Security TechCenter as a key source of security information: http://technet.microsoft.com/security, and that you sign up for comprehensive alerts at http://www.microsoft.com/technet/security/bulletin/notify.mspx.  We strive to provide you with accurate information in static (this mail) and dynamic (Web-based) content. Microsoft’s security content posted to the Web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s Web-based security content, the information in Microsoft’s Web-based security content is authoritative.


