Out-of-band security bulletins
This is post is to notify you that Microsoft released two out-of-band security bulletins on July 28, 2009.
One bulletin is for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications.
The second bulletin contains defence-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical.
This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit https://www.microsoft.ie/protect.
=================================
NEW SECURITY BULLETIN SUMMARY
=================================
Bulletin ID: MS09-034
Bulletin Title: Cumulative Security Update for Internet Explorer (972260)
Maximum Severity Rating: Critical
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008
---------------------------------
Bulletin ID: MS09-035
Bulletin Title: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
Maximum Severity Rating: Moderate
Vulnerability Impact: Remote Code Execution
Restart Requirement: Requires restart
Affected Software: Microsoft Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Visual C++ 2005, and Visual C++ 2008
The full version of the Microsoft Security Bulletin Notification can be found here: https://www.microsoft.com/technet/security/advisory/973882.mspx.
The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk. Anyone believed to have been affected can visit: https://www.microsoft.com/protect/support/default.mspx and should contact the Gardaí.
Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: https://ww.microsoft.ie/protect.
If you have any questions regarding this alert, please contact your local (Technical) Account Manager.
Comments
- Anonymous
July 29, 2009
VS 2008 SP1: 365 MB VS 2005 SP1: 250 MB VS.NET 2003: 72 MB. BIG FAIL MS.