Microsoft Details Out-of-Band July Update
Article by George Norman
On 29 Jul 2009
The out-of-band update scheduled for the 28th of July, the update that was meant to address a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studios, has been rolled out to Microsoft customers. At the time, the Redmond-based company could not go into specifics, but now that the update has been released, it can provide a more in-depth details about the out-of-band update. Here’s a little hint: it’s Active Template Library (ATL).

Here is precisely what Microsoft released the other day:
Security Advisory 973882, which provides info on Microsoft’s “ongoing investigation into vulnerabilities in the public and private versions of Microsoft's Active Template Library (ATL).”


Microsoft Security Bulletin MS09-034, which details a mitigation for Internet Explorer that will foil an attacker’s attempt to exploit components and controls built using Active Template Library. Multiple other unrelated IE vulnerabilities are addressed in the bulletin as well. MS09-034 applies to Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8

Microsoft Security Bulletin MS09-035, which details a moderate vulnerability in Visual Studio Active Template Library that if exploited by a person with malicious intent could allow the attacker to perform remote code execution. MS09-035 applies to Windows 2000 Service Pack 4, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. If you have applied MSO9-32, then you should be okay, explained Microsoft, adding that no active exploits taking advantage of the vulnerabilities presented in MS09-035 have been detected in the wild

So why did Microsoft push this out-of-band update? Jonathan Ness, Microsoft Security Research and Defense Engineering, provides an explanation.

“While the vulnerability has been known to Microsoft for some time, additional information regarding these vulnerabilities has been growing over the past few weeks. And with the Black Hat and Def Con security conference getting people together around the same watering hole, natural curiosity means that risk to customers could increase as more information is disclosed. We’ve seen one active attack on an ATL vulnerability targeting the msvidctl.dll control. We decided to proactively release these security updates to help protect customers and mitigate the risk in a more controlled manner. We believe the right thing to do is to help protect customers with out-of-band security updates in this unique situation where we anticipate the risk will increase before our next scheduled security update opportunity,” said Ness.

Tags: Microsoft, Patch, Security, Update, Patch Tuesday, Visual Studio, Internet Explorer, IE, ATL, Active Template Library
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Microsoft Details Out-of-Band July Update
HTML Linking Code