As expected, Microsoft has released emergency patches for critical IE flaw

Microsoft weirdly mum on the details of the vulnerability.

As expected, Microsoft has rushed an emergency out-of-band security patch to fix a critical flaw in Internet Explorer. The fix comes in the form of two security updates, MS09-034 and MS09-035 to address vulnerabilities in the Microsoft Active Template Library (ATL) that could allow a remote, unauthenticated user to run arbitrary code on an affected system. Both patches fix the same flaw but in different products, Internet Explorer and Visual Studio.

  1. MS09-034 – Security Bulletin for Internet Explorer (IE)
  2. MS09-035 – Security Bulletin for Visual Studio

Microsoft has been weirdly mum on exactly what the patch fixes and several security researchers have been pressured to stay silent on the matter, too, reports Computerworld. However, Microsoft will host a webcast where it promises to address customer questions on July 28, 2009, 1:00–2:00 PM PT (U.S. & Canada). An additional webcast will be available July 28, 2009, 4:00–5:00 PM PT (U.S. & Canada). The webcast will also available on-demand after July 28, 2009.

Visit the Microsoft Subnet web site for more news, blogs, podcasts. Subscribe to all Microsoft Subnet bloggers. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

  • Microsoft releases Linux Hyper-V drivers but still wants to crush Linux
  • Zero-day protection
  • Microsoft utters the F-word: "free"
  • Roll your own XP-to-Windows 7 upgrade on a USB drive
  • Firefox Stays In The Game With Firefox 3.5
  • Usability Testing SharePoint Sites: A little testing can make a big difference
  • Sometimes Slower Can Be Better
  • Giveaways and goodies from Microsoft Subnet and Cisco Subnet

Follow Microsoft Subnet on Twitter


Copyright © 2009 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022