ITSS-Advisory : Medium : Microsoft : Internet Explorer and Visual Studio : Remote Code Execution

THREAT LEVEL
============
Medium.

INFORMATION
===========
On 28 July 2009, Microsoft released two separate, yet related bulletins.

MS09-034: Cumulative Security Update for Internet Explorer
----------------------------------------------------------
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx
Rating: Critical
Impact: Remote Code Execution
Known Issues: None
Affected: Computers with various Windows operating systems running Internet
Explorer versions: 5.01 SP4, 6, 6 SP1, 7, 8.

MS09-035: Vulnerabilities in Visual Studio Active Template Library
------------------------------------------------------------------
Link: http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx
Rating: Moderate
Impact: Remote Code Execution
Known Issues: http://support.microsoft.com/kb/969706
Affected:
- Microsoft Visual Studio versions: .NET 2003 SP1, 2005 SP1, 2008, 2008 SP1
- Microsoft Visual C++ versions: 2005 SP1, Redistributable Packages 2008 and 2008 SP1
Note: This bulletin is especially directed at developers of components and controls
using the Active Template Library.

ACTION
======
Administrators of affected computers are advised to review the bulletins,
test and apply relevant updates.

Computers in the testbed will have the patches applied immediately, and their
performance will be monitored. The effects of the patches on these computers will
be sent to its-announce@unimelb.edu.au by early afternoon on Fri 31 Jul 2009.