National Cyber Alert System

Technical Cyber Security Alert TA09-223A

Microsoft Updates for Multiple Vulnerabilities

   Original release date: August 11, 2009
   Last revised: --
   Source: US-CERT

Systems Affected

   * Microsoft Windows and Windows Server
   * Microsoft Office
   * Remote Desktop Connection Client for Mac 2.0

Overview

   Microsoft has released updates to address vulnerabilities in
   Microsoft Windows, Windows Server, Office Web Components and Remote
   Desktop Connection for Mac.

I. Description

   Microsoft has released multiple security bulletins for critical
   vulnerabilities in Windows, Windows Server, Office Web Components,
   and Remote Desktop Connection for Mac. These bulletins are described
   in the Microsoft Security Bulletin Summary for August 2009.

   Microsoft Security Bulletin MS09-037 includes updates for Microsoft
   components to address vulnerabilities in the Active Template Library
   (ATL). Vulnerabilities present in the ATL can cause vulnerabilities
   in the resulting ActiveX controls and COM components. Any ActiveX
   control or COM component that was created with a vulnerable version
   of the ATL may be vulnerable, including ones distributed by
   third-party developers.

   Developers should update the ATL as described in the previously
   released Microsoft Security Bulletin MS09-035 in order to stop
   creating vulnerable controls. To address vulnerabilities in existing
   controls, recompile the controls using the updated ATL. Further
   discussion about the ATL vulnerabilities can be found in the
   Microsoft Security Advisory 973882.

II. Impact

   An attacker may be able to execute arbitrary code, in some cases
   without user interaction.

III. Solution

   Apply updates from Microsoft

   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for August 2009. The security
   bulletin describes any known issues related to the updates.
   Administrators are encouraged to note these issues and test for any
   potentially adverse effects. Administrators should consider using an
   automated update distribution system such as Windows Server Update
   Services (WSUS).

IV. References

   * Microsoft Security Bulletin Summary for August 2009 -
     <http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx>
   * Microsoft Security Advisory 973882 -
     <http://www.microsoft.com/technet/security/advisory/973882.mspx>
   * Microsoft Update -
     <https://www.update.microsoft.com/microsoftupdate/>
   * Windows Server Update Services -
     <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-223A.html>
____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@xxxxxxxx> with "TA09-223A Feedback VU#880124" in the
   subject.
____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History

   August 11, 2009: Initial release