As expected, Microsoft has released emergency patches for critical IE flaw

Microsoft weirdly mum on the details of the vulnerability.

As expected, Microsoft has rushed an emergency out-of-band security patch to fix a critical flaw in Internet Explorer. The fix comes in the form of two security updates, MS09-034 and MS09-035 to address vulnerabilities in the Microsoft Active Template Library (ATL) that could allow a remote, unauthenticated user to run arbitrary code on an affected system. Both patches fix the same flaw but in different products, Internet Explorer and Visual Studio.

  1. MS09-034 – Security Bulletin for Internet Explorer (IE)
  2. MS09-035 – Security Bulletin for Visual Studio

Microsoft has been weirdly mum on exactly what the patch fixes and several security researchers have been pressured to stay silent on the matter, too, reports Computerworld. However, Microsoft will host a webcast where it promises to address customer questions on July 28, 2009, 1:00–2:00 PM PT (U.S. & Canada). An additional webcast will be available July 28, 2009, 4:00–5:00 PM PT (U.S. & Canada). The webcast will also available on-demand after July 28, 2009.

Visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

Follow Microsoft Subnet on Twitter

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)