Microsoft rushes Out of Band patches to fix issues disclosed at Blackhat tomorrow
Today Microsoft released two out-of-band patches. Remarkably, one of them is rated only moderate on its own; however, it turns out that this patch addresses a flaw in the Microsoft Active Template Library (ATL). Any software built with the vulnerable ATL contains a flaw that can be exploited easily and can lead to arbitrary code execution on a client, e.g. when browsing to a malicious website. Interestingly, the active content (the ActiveX control) is executed even when a killbit has been set for that control. A preview demonstration is available online, and details will be disclosed at the Black Hat conference tomorrow, 29-7-2009 3:25 PM (GMT-8).
Since the ATL is widely used, a lot of vulnerable software may be out there. Software vendors who built with the vulnerable ATL should install the update and release rebuilt versions of their ActiveX controls immediately.
The rest of us should at least install the ActiveX killbit-bypass update ASAP and keep setting killbits as more and more vulnerable controls are discovered.
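A killbit is set per CLSID by turning on bit 0x400 of the "Compatibility Flags" DWORD under the ActiveX Compatibility key. The script below is an added example (not from the original post or from Microsoft) that audits and, if requested, sets that bit in both the native and the Wow6432Node view so the control is blocked in 32-bit and 64-bit Internet Explorer; the CLSID shown is a constructed placeholder, not a real vulnerable control.

```powershell
# Killbit flag bit as documented for the "Compatibility Flags" DWORD.
$KillBit = 0x400

# Both registry views must be covered on a 64-bit Windows install.
$CompatKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-KillBitState {
    param([Parameter(Mandatory)][string]$Clsid)
    # Returns one object per registry view: present flags and whether the killbit is on.
    foreach ($base in $CompatKeys) {
        $path  = Join-Path $base $Clsid
        $flags = 0
        if (Test-Path $path) {
            $v = Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($v) { $flags = [int]$v.'Compatibility Flags' }
        }
        [pscustomobject]@{
            View    = $base
            Flags   = ('0x{0:X}' -f $flags)
            Killed  = (($flags -band $KillBit) -ne 0)
        }
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    # Idempotent: OR the killbit into existing flags so other compatibility bits survive.
    foreach ($base in $CompatKeys) {
        $path = Join-Path $base $Clsid
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        $cur = 0
        $v = Get-ItemProperty -Path $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($v) { $cur = [int]$v.'Compatibility Flags' }
        New-ItemProperty -Path $path -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($cur -bor $KillBit) -Force | Out-Null
    }
}

# Constructed placeholder CLSID for demonstration; substitute the CLSID of the control to block.
$Sample = '{00000000-0000-0000-0000-000000000000}'
Get-KillBitState -Clsid $Sample | Format-Table -AutoSize
# Set-KillBit -Clsid $Sample   # requires an elevated (Administrator) shell
```

Running the audit across the CLSIDs listed in a vendor advisory gives a quick inventory of which controls are already blocked on a machine.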