By MIKE HARAKAL
Published: August 8, 2009
On Tuesday, July 28, Microsoft released a security advisory to provide information about its ongoing investigation into vulnerabilities in the public and private versions of Microsoft's Active Template Library (ATL). The advisory provides guidance as to what developers can do to help ensure that the controls and components they have built are not vulnerable to the ATL issues, what IT Professionals can do to mitigate potential attacks that use the vulnerabilities, and what Microsoft is doing as part of its ongoing investigation into the issue described in this advisory.
This advisory affects Developers using certain Microsoft languages in the sense that they should be incorporating the appropriate controls and component in software. Developers should Review security bulletin MS09-035.
This advisory affects IT Professionals in that they must insure the timely implementation to their own or client networks of critical security updates. Specifically, in this case they must review security bulletin MS09-034 and deploy the security updates Cumulative Security Update for Internet Explorer (972260) to benefit from the new defense-in-depth technology built into Internet Explorer as soon as possible.
It's critical that a managed service provider act on these security advisories immediately. Trigon received notification of this patch on Tuesday. It was approved and deployed automatically to our clients on the same day. You should expect IT to happen just like this; effectively, proactively, and preventively.