July Microsoft Out-of-Band Patch
Microsoft has announced two out-of-band patches that are currently available. (Out-of-band patches are released outside of Microsoft’s normal Patch Tuesday release cycle and usually fix vulnerabilities that are currently attacking Windows systems. ) These patches apply to two Microsoft products, Visual Studio and Internet Explorer. These patches are rated Critical, and allow for remote code execution on vulnerable systems. Gladiator recommends that users immediately apply all Critical patches to their systems. Detailed information for the patches can be found in Microsoft’s July Security Bulletin. Summary information is included below:
- Cumulative Security Update for Internet Explorer (972260) (MS09-034) – This update fixes multiple issues with Internet Explorer. Since some components were developed using the vulnerable version of the Visual Studio Active Template Library, they needed to be updated. Furthermore, three privately reported vulnerabilities are also fixed which could allow for remote code execution. This patch is rated Critical by Microsoft.
- Vulnerabilities in Visual Studio Active Template Library (ATL) Could Allow Remote Code Execution (969706) (MS09-035) – This vulnerability affects Microsoft Visual Studio, which is used by developers to create applications. This vulnerability is rated Critical by Microsoft. Any applications developed using this vulnerable template library must be updated. If an application has a component developed using a vulnerable version of the ATL it could be vulnerable to remote code execution.
Gladiator recommends that users patch their systems quickly for MS09-034 and MS09-035 as exploit code has either already been released or is likely to be released in the near future.
Related Links:
- Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx)
- SANS Diary Entry (http://isc.sans.org/diary.html?storyid=6874)