Another out-of-band Internet Explorer patch

    Microsoft just announced that it has two out-of-band patches coming this Tuesday.

    One of them is for Internet Explorer 6, 7 and 8. The security hole is described in depth by Halvar Flake. Basically, there’s a hole a mile wide in the Windows Active Template Library, a library of functions that were developed for ActiveX. Apparently even simple VBScript programs can get at the hole. And since it’s in a freely distributable library, you may have received the buggy code as part of a third-party application.

    Microsoft’s description of the bug says that it affects IE in Windows 2000, XP, Vista, Server 2003 and some versions of Server 2008. It doesn’t say squat about Windows 7.

    The second hole is in Visual Studio, and apparently it’s directly related to this hole in IE.

    The irony of it all is that this month’s Black Tuesday IE patch, MS09-032, was supposed to fix this hole, but it doesn’t. And it took Microsoft about a year to issue the fix in MS09-032. At least that’s what Halvar and cohorts say. I’m still stumbling on the fact that MS09-032 was supposed to be a killbit rollup: Microsoft’s docs don’t say anything about fixing a year-old security hole in the ATL.
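    Since killbit rollups like MS09-032 only help if the bits actually land on the box, here is an added PowerShell check (not from the original post or from Microsoft) that lists which ActiveX controls currently have the IE kill bit set, and lets you test one CLSID from a bulletin. It assumes the standard kill-bit location under HKLM and the usual 0x400 "kill bit" flag in the Compatibility Flags value.

```powershell
# Added example: audit IE kill bits so an admin can confirm a killbit rollup took effect.
# Assumption: kill bits live under this HKLM key and bit 0x400 of "Compatibility Flags"
# is the kill bit (the layout IE uses; on 64-bit Windows there is also a Wow6432Node copy).
$killBitPath = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$KILL_BIT    = 0x400

function Get-KillBitControls {
    # One subkey per CLSID; each may carry a "Compatibility Flags" DWORD.
    Get-ChildItem -Path $killBitPath -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $flags = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'Compatibility Flags'
        if ($null -ne $flags -and ($flags -band $KILL_BIT) -ne 0) {
            # Resolve a friendly name if the control is registered locally; otherwise
            # the kill bit is pre-emptive (blocks the control before it is ever installed).
            $name = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" `
                     -ErrorAction SilentlyContinue).'(default)'
            [pscustomobject]@{
                CLSID = $clsid
                Name  = if ($name) { $name } else { '<not registered locally>' }
                Flags = ('0x{0:X8}' -f [int]$flags)
            }
        }
    }
}

function Test-KillBit {
    # Returns $true when the given CLSID (with braces) has the kill bit set.
    param([Parameter(Mandatory)][string]$Clsid)
    $flags = (Get-ItemProperty -Path (Join-Path $killBitPath $Clsid) -ErrorAction SilentlyContinue).'Compatibility Flags'
    return ($null -ne $flags) -and (($flags -band $KILL_BIT) -ne 0)
}

# Usage: dump everything that is currently killed, sorted by name.
Get-KillBitControls | Sort-Object Name | Format-Table -AutoSize
# Usage: check a single CLSID from a bulletin (placeholder, not a real value).
# Test-KillBit -Clsid '{00000000-0000-0000-0000-000000000000}'
```

    Run it elevated on a machine after the rollup installs and compare against the CLSIDs the bulletin lists; on 64-bit Windows repeat with the Wow6432Node path for 32-bit IE.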

    Why is this being distributed as an out-of-band patch? Microsoft says there are no currently known exploits. And it looks like it took them a year to fix the original problem. Perhaps the spinmeisters want to minimize embarrassment at next week’s Black Hat conference in Las Vegas…