VERT Alert

July 28, 2009 5:00PM PDT


Welcome to the inaugural VERT Alert, security-related information from nCircle's VERT research team.

Today's VERT Alert provides information surrounding the two Out-of-Band (OOB) Microsoft bulletins released today. We are currently working on coverage and will deliver it within 24 hours of Microsoft's announcement in accordance with our 24-hour SLA. These bulletins cover 6 CVEs and their timely application is critical.

Bulletin  CVE            Vulnerability
MS09-034  CVE-2009-1917  Memory Corruption Vulnerability
MS09-034  CVE-2009-1918  HTML Objects Memory Corruption Vulnerability
MS09-034  CVE-2009-1919  Uninitialized Memory Corruption Vulnerability
MS09-035  CVE-2009-0901  ATL Uninitialized Object Vulnerability
MS09-035  CVE-2009-2493  ATL COM Initialization Vulnerability
MS09-035  CVE-2009-2495  ATL Null String Vulnerability

MS09-034

The biggest news coming out of MS09-034 is that it includes protection against the ActiveX kill bit bypass that will be discussed at Black Hat USA this week [1]. This is an important change and, following appropriate internal testing, this patch should be rolled out to clients as soon as possible. The VERT recommendation is that this patch should be applied prior to tomorrow's presentation; however, that presents a rather limited timeline.

As is always the case with Internet Explorer, these issues require user interaction: an attacker cannot target your system without the end user being involved. User awareness training and/or restricted web browsing can help limit the likelihood of exploitation.

MS09-035

This is one of the more interesting issues that may come across the security team's desk, particularly if your organization has in-house software development teams. The issues addressed in this bulletin are related to Visual Studio and applications compiled against the Active Template Library. Protecting against these issues means not only applying the patches to affected hosts, but also working with software development teams to ensure that in-house applications are recompiled using the patched libraries. The Microsoft SDL blog provides additional insight into this issue, which may interest your developers [2].

It should also be noted that numerous third-party applications may be affected by this issue. Over the course of the next couple of weeks, VERT recommends paying close attention to the vendor websites for software that your organization frequently uses. These updates should be installed as soon as possible after they become available.

Assessing Your Systems

Current nCircle IP360 customers can determine affected systems with the following nCircle Focus© queries:

MS09-034
Focus query: app:"Internet Explorer"

MS09-035
Focus query: app:"Microsoft Visual Studio 2008" OR app:"Microsoft Visual Studio .NET 2003" OR app:"Microsoft Visual Studio 2005"


1. http://blogs.technet.com/bluehat/archive/2009/07/27/black-hat-usa-atl-killbit-bypass.aspx
2. http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx