Emergency Patch Release - 28th July 2009

Microsoft has taken the unusual step of releasing two security patches ahead of its usual monthly release. Microsoft typically only releases these "out-of-cycle" patches when hackers are exploiting the flaw in real-world attacks, and as a result we consider these to be important patches to apply.

One is classed as Critical and the other as Moderate.

The Critical patch fixes a vulnerability in Internet Explorer and will affect most Windows-based operating systems. The Moderate patch fixes a potential vulnerability in Visual Studio.

The background to both these patches is interesting. The underlying security hole lies in a part of Visual Studio (which is the Microsoft development toolset used for application development). The component in question in the Visual Studio toolset is something called the ‘Active Template Library’ – and any applications developed using this component will have the problem.

Guess what – the Critical vulnerability in Internet Explorer is a direct result of it being built in Visual Studio using the Active Template Library.

This leads logically to the question – ‘what other applications have been built using the faulty Active Template Library?’. This is likely to be a problem in a number of commercially available applications – so the developers of these will need to release patched versions.

In addition, anyone who creates software using Visual Studio internally within their business, or who has bespoke software created for them by a 3rd party, would be best placed to check if their code base is affected.

Our advice is…

  • Ensure that the critical patch for Internet Explorer is deployed to all Windows desktop and server operating systems immediately.
     
  • If you have any developers, either in house or external suppliers, using Visual Studio, make sure they apply the patch and test any software or websites they have built with Visual Studio in a development environment before updating the live versions.
     
  • Ensure that all Anti-virus and Malware blocking software packages are fully up to date, and properly configured firewalls are in place within your environment.  

In summary…

  • Update your Desktop and Server computers immediately with the critical patch (MS09-034).
     
  • Evaluate whether you or your software developers are using Visual Studio; if so, patch, test in a development environment and then apply to the live environment (MS09-035).
     
  • Please also make sure that all additional IT Security solutions (Anti Virus, Anti Malware and Firewall) are in place, are up to date and are appropriate for your environment.

Table 1: Details of MS Patches released Tuesday 28/7/2009

| MS Link | ITSL Summary | Severity | Affected Software | Restart after patch |
|---|---|---|---|---|
| MS09-034 | This patch is an emergency ‘out of band’ release to deal with a vulnerability in Internet Explorer, caused by an underlying issue in the Visual Studio package used to create the Internet Explorer application (see MS09-035 below). Our advice is to immediately patch all Internet Explorer versions in use on Windows Servers and Desktops. | Critical | MS Windows 2000 – IE 5.01, IE 6; MS Windows XP, 2003, Vista, 2008 – IE 6, IE 7, IE 8 | Yes |
| MS09-035 | This patch is an emergency ‘out of band’ release to deal with the security vulnerability in the ‘Active Template Library’ component of Visual Studio. The actual vulnerability will appear in all applications developed using this component – with the prime example being MS09-034 above – Internet Explorer. Anyone using Visual Studio for development should patch the affected component, and assess all previously built software systems to determine if a rebuild using the updated component is appropriate. Businesses using 3rd party developed applications should check with the developers to ensure they assess the impact on their code base. | Moderate | Microsoft Visual Studio .NET 2003; Microsoft Visual Studio 2005; Microsoft Visual Studio 2008; Microsoft Visual C++ 2005; Microsoft Visual C++ 2008 | Yes |

| Rating | Definition |
|---|---|
| Critical | A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. |
| Important | A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. |
| Moderate | Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. |
| Low | A vulnerability whose exploitation is extremely difficult, or whose impact is minimal. |

 




A Microsoft Certified Partner © Copyright 2009-2011 IT ServiceLink LTD A Microsoft Small Business Specialist