Out-of-Band Patches Released by Microsoft – MS09-34 & 35
This follows the advance notification Microsoft released a few days back. Microsoft released the out-of-band patches MS09-34 and MS09-35 yesterday. We recommend putting MS09-34 (the Internet Explorer bulletin) at the top of your list.
MS09-35 (Visual Studio Active Template Library) is intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin. Developers who have built components and controls using ATL should download this update and recompile their components and controls following the guidance provided in the following MSDN article.
An Internet Explorer ActiveX vulnerability that was being actively exploited was addressed by the MS09-32 patch, which sets a kill bit (i.e. disables the control that causes the vulnerability) so that the vulnerable control does not run in Internet Explorer. However, researchers at the Black Hat USA 2009 conference will disclose methods to bypass the fix and exploit the vulnerability.
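To confirm on a desktop that a kill bit is actually in place, the registry can be checked directly. The script below is an added example, not code from Microsoft or from the original post; the function name `Get-KillBitStatus` is hypothetical and the CLSID in the sample call is a constructed placeholder, since the post does not list the affected control's CLSID.

```powershell
# Added example. Internet Explorer treats a control as kill-bitted when the
# 0x400 bit is set in the "Compatibility Flags" DWORD stored under
# ...\Internet Explorer\ActiveX Compatibility\{CLSID}.
$KillBit = 0x400
$Roots = [ordered]@{
    # Native registry view, plus the 32-bit view used by 32-bit IE on 64-bit Windows
    'Native' = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    'Wow64'  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-KillBitStatus {
    param([Parameter(Mandatory)][string[]]$Clsid)

    foreach ($id in $Clsid) {
        # Normalise to the {XXXXXXXX-...} form used for the registry key name
        $id = '{' + $id.Trim('{', '}').ToUpper() + '}'
        foreach ($view in $Roots.Keys) {
            $root = $Roots[$view]
            if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on this OS

            $flags = $null
            $key = Join-Path $root $id
            if (Test-Path -LiteralPath $key) {
                $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                          -ErrorAction SilentlyContinue).'Compatibility Flags'
            }
            [pscustomobject]@{
                Clsid      = $id
                View       = $view
                Flags      = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { 'not present' }
                KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
            }
        }
    }
}

# Placeholder CLSID (constructed); replace with the CLSIDs listed in the bulletin.
Get-KillBitStatus -Clsid '00000000-0000-0000-0000-000000000000' | Format-Table -AutoSize
```

A `KillBitSet` value of `True` only means Internet Explorer has been told not to load the control; the control's code itself is unchanged.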
This is the third time in the last two years that Microsoft has released an out-of-band patch, the last being the MS09-67 patch (of Conficker fame). So all administrators should be on red alert regarding this vulnerability. My 2 cents: test this patch in a testing environment and quickly roll it out to desktops on priority and then to servers (if the servers are not used to run any programs; otherwise keep both on high priority).
Happy patching