Share via


Out-of-band security bulletins

This is post is to notify you that Microsoft released two out-of-band security bulletins on July 28, 2009.

One bulletin is for the Microsoft Visual Studio product line; application developers should be aware of updates available affecting certain types of applications.

The second bulletin contains defence-in-depth changes to Internet Explorer to address attack vectors related to the Visual Studio bulletin, as well as fixes for unrelated vulnerabilities that are rated Critical.

This security update was released outside of the usual monthly security bulletin release cycle in an effort to protect customers. Microsoft recommends customers prepare their systems and networks to apply this security bulletin immediately to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit http://www.microsoft.ie/protect.

=================================

NEW SECURITY BULLETIN SUMMARY

=================================

Bulletin ID: MS09-034

Bulletin Title: Cumulative Security Update for Internet Explorer (972260)

Maximum Severity Rating: Critical

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: All supported versions of Internet Explorer on Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008

---------------------------------

Bulletin ID: MS09-035

Bulletin Title: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

Maximum Severity Rating: Moderate

Vulnerability Impact: Remote Code Execution

Restart Requirement: Requires restart

Affected Software: Microsoft Visual Studio .NET 2003, Visual Studio 2005, Visual Studio 2008, Visual C++ 2005, and Visual C++ 2008

The full version of the Microsoft Security Bulletin Notification can be found here: http://www.microsoft.com/technet/security/advisory/973882.mspx.

The purpose of this notification is to assist customers with resource planning for this security bulletin release. The information offered in this notification is purposely general in nature to provide enough information for customers to plan for deployment without disclosing vulnerability details or other information that could put them at risk. Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the Gardaí.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates, and installing anti-virus and anti-spyware software. Additional information can be found at: http://ww.microsoft.ie/protect.

If you have any questions regarding this alert, please contact your local (Technical) Account Manager.

Cross posted from Ronan's blog