Subject: US-CERT Technical Cyber Security Alert TA09-223A -- Microsoft Updates for Multiple Vulnerabilities
From: CERT Advisory
Date: Tue, 11 Aug 2009 15:50:02 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA09-223A


Microsoft Updates for Multiple Vulnerabilities

   Original release date: August 11, 2009
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows and Windows Server
     * Microsoft Office
     * Remote Desktop Connection Client for Mac 2.0


Overview

   Microsoft has released updates to address vulnerabilities in
   Microsoft Windows, Windows Server, Office Web Components and Remote
   Desktop Connection for Mac.


I. Description

   Microsoft has released multiple security bulletins for critical
   vulnerabilities in Windows, Windows Server, Office Web Components,
   and Remote Desktop Connection for Mac. These bulletins are
   described in the Microsoft Security Bulletin Summary for August
   2009.
   
   Microsoft Security Bulletin MS09-037 includes updates for Microsoft
   components to address vulnerabilities in the Active Template
   Library (ATL). Vulnerabilities present in the ATL can cause
   vulnerabilities in the resulting ActiveX controls and COM
   components. Any ActiveX control or COM component that was created
   with a vulnerable version of the ATL may be vulnerable, including
   ones distributed by third-party developers.
   
   Developers should update the ATL as described in the previously
   released Microsoft Security Bulletin MS09-035 in order to stop
   creating vulnerable controls. To address vulnerabilities in
   existing controls, recompile the controls using the updated ATL.
   Further discussion about the ATL vulnerabilities can be found in
   the Microsoft Security Advisory 973882.


II. Impact

   An attacker may be able to execute arbitrary code, in some cases
   without user interaction.


III. Solution

   Apply updates from Microsoft

   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for August 2009. The security
   bulletin describes any known issues related to the updates.
   Administrators are encouraged to note these issues and test for
   any potentially adverse effects. Administrators should consider
   using an automated update distribution system such as Windows
   Server Update Services (WSUS).


IV. References

 * Microsoft Security Bulletin Summary for August 2009 -
   <http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx>

 * Microsoft Security Advisory 973882 -
   <http://www.microsoft.com/technet/security/advisory/973882.mspx>

 * Microsoft Update -
   <https://www.update.microsoft.com/microsoftupdate/>

 * Windows Server Update Services -
   <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-223A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email with "TA09-223A Feedback VU#880124" in the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  August 11, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----