REDMOND, Wash.—Yesterday Microsoft issued an emergency patch to protect Internet Explorer users from an exploitable hole in technology for building ActiveX controls and other related web application components.
Also released was a vital security update for Visual Studio to help developers fix the controls and building components that could be attacked. Microsoft worked with Adobe, Sun and Google in addressing affected components, said Mike Reavey, director of the Microsoft Security Response Center, reports CNET.
Microsoft's security bulletin page said the update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in other security advisories.
According to Microsoft, the majority of customers have automatic updating enabled and will not need to take any action because the update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install the update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.