Network Security News

Microsoft patches include fixes for ATL, ActiveX flaws

Wednesday, August 12, 2009

For Microsoft's monthly release of security patches, the company issued nine bulletins Tuesday, six of which are rated critical. The company pointed out patches for critical flaws in the Active Template Library (ATL) and Video ActiveX Control.

Five of the six critical updates have an Exploitability Index rating of 1, which means there is likely to be consistent, reliable code in the wild seeking to exploit the security bugs, Microsoft said.

Security bulletin MS09-037 is an update for Microsoft ATL, which was the source of buggy code that necessitated an out-of-band security patch last month.

Microsoft had patched critical bugs in the ATL component of Visual Studio, which were related to an errant ampersand (&) in the code. Any software developed using the code remained vulnerable to attacks.

Adobe was affected by the ATL flaws in Flash Player and Shockwave Player, which the company had to patch on its own.

Another Microsoft update this month, MS09-043, addresses an Office Web Components vulnerability.

"We strongly encourage customers to review and deploy this bulletin if applicable given that we have seen exploitation in the wild," Microsoft said on its security response center blog.
ADNFCR-1765-ID-19309074-ADNFCR

Related News:

Zeus botnet performs MySpace spam campaign to spread itself further - 11.20.2009
A sophisticated Trojan dubbed "Zeus" has sent a flood of email messages to MySpace users in an attempt to propagate itself onto more computers, according to researchers at the University of Alabama at Birmingham.

Experts dissect Chrome OS security features - 11.20.2009
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.

Microsoft counts Chrome coup with discovery of security flaw - 11.20.2009
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.

iPhone user sues games maker, claiming to have found hidden spyware - 11.18.2009
An iPhone gamer filed a federal lawsuit against mobile game programmer Storm8 today, alleging that the company violated his privacy by including hidden code in its games that gathered his personal information without permission.

Government watchdog warns of possible IT leaks at Los Alamos - 11.16.2009
The Government Accountability Office has issued a report on data security at the Los Alamos National Laboratory which says that sensitive and highly classified information is vulnerable to outside access.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now