Security 10817 Published by

Microsoft has updated the following security bulletins: MS11-027 - Critical: Cumulative Security Update of ActiveX Kill Bits (2508272) - Version:1.1 and MS09-035 - Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) - Version:3.1



MS11-027 - Critical: Cumulative Security Update of ActiveX Kill Bits (2508272) - Version:1.1
Severity Rating: Critical - Revision Note: V1.1 (July 27, 2011): Added class identifiers for the Microsoft WMITools ActiveX Control described in this bulletin's vulnerability section for CVE-2010-3973. This is an informational change only. Customers who have already applied the "Prevent COM objects from running in Internet Explorer" workaround for this vulnerability should reapply this workaround with the additional class identifiers.

Summary: This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft software. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for three third-party ActiveX controls.

Read more

MS09-035 - Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706) - Version:3.1
Severity Rating: Moderate - Revision Note: V3.1 (July 27, 2011): Corrected the update verification information for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package, Microsoft Visual C++ 2008 Redistributable Package, and Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package. Removed the registry key information in favor of product codes. This is an informational change only.

Summary: This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin.

Read more