
US-CERT Technical Cyber Security Alert TA09-223A -- Microsoft Updates for Multiple Vulnerabilities


US-CERT, Aug 11, 2009, 3:50:41 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


National Cyber Alert System

Technical Cyber Security Alert TA09-223A


Microsoft Updates for Multiple Vulnerabilities

Original release date: August 11, 2009
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows and Windows Server
* Microsoft Office
* Remote Desktop Connection Client for Mac 2.0


Overview

Microsoft has released updates to address vulnerabilities in
Microsoft Windows, Windows Server, Office Web Components and Remote
Desktop Connection for Mac.


I. Description

Microsoft has released multiple security bulletins for critical
vulnerabilities in Windows, Windows Server, Office Web Components,
and Remote Desktop Connection for Mac. These bulletins are
described in the Microsoft Security Bulletin Summary for August
2009.

Microsoft Security Bulletin MS09-037 includes updates for Microsoft
components to address vulnerabilities in the Active Template
Library (ATL). Vulnerabilities present in the ATL can cause
vulnerabilities in the resulting ActiveX controls and COM
components. Any ActiveX control or COM component that was created
with a vulnerable version of the ATL may be vulnerable, including
ones distributed by third-party developers.

Developers should update the ATL as described in the previously
released Microsoft Security Bulletin MS09-035 in order to stop
creating vulnerable controls. To address vulnerabilities in
existing controls, recompile the controls using the updated ATL.
Further discussion about the ATL vulnerabilities can be found in
the Microsoft Security Advisory 973882.


II. Impact

An attacker may be able to execute arbitrary code, in some cases
without user interaction.


III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for August 2009. The security
bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any
potentially adverse effects. Administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS).


IV. References

* Microsoft Security Bulletin Summary for August 2009 -
<http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx>

* Microsoft Security Advisory 973882 -
<http://www.microsoft.com/technet/security/advisory/973882.mspx>

* Microsoft Update -
<https://www.update.microsoft.com/microsoftupdate/>

* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA09-223A.html>
____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <ce...@cert.org> with "TA09-223A Feedback VU#880124" in
the subject.
____________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

Produced 2009 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

August 11, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----
