Internet Security Systems - AlertCon(TM)

Recent Microsoft Collaboration

Posted by Kris Lamb on July 28, 2009 at 2:10 PM EDT.

As most in the security world are aware, Microsoft today released guidance and security updates to help better protect customers from security vulnerabilities discovered in Microsoft's Active Template Library (ATL). IBM, iDefense, and Microsoft have collaborated very closely on these issues in order to responsibly disclose and address them, as outlined in the bulletins that were released for Visual Studio and Internet Explorer. As part of this collaboration between the researchers and the vendors, Mark Dowd, Ryan Smith, and David Dewey have published a guest post on the Microsoft BlueHat blog about the nature of the collaboration, the challenge in addressing such vulnerabilities, and how these specific issues are just a portion of the overall presentation they are giving at BlackHat USA on Wednesday.

We encourage everyone to take a moment to read the guest BlueHat post from the three researchers, and to take some time to consult the other Microsoft resources on this issue at the MSRC blog and the Microsoft Security Research Defense blog, in addition to the IBM X-Force advisories and the Microsoft bulletins MS09-034 and MS09-035. We hope this provides additional resources and analysis for our customers and the general public to better understand the vulnerabilities present in the Active Template Library, as well as our collaboration with Microsoft and iDefense on these issues. We also hope to see you at both X-Force presentations on Wednesday at BlackHat USA.

Thanks,

-Kris

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.