Added support for MS09-034 and MS09-035

The information in this article applies to:

  • GFI LANguard 9.0
  • GFI LANguard Network Security Scanner 8

Article ID: KBID003602

Query keywords: Patch Detection update, Security Updates

Support for the following Microsoft security updates have been released by GFI for GFI LANguard.
These updates will be automatically downloaded and added to your security vulnerability scanning database on your next restart of GFI LANguard.


New Security Updates Supported:

  • MS09-035 - Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)
  • MS09-034 - Cumulative Security Update for Internet Explorer (972260)


More Information:

MS09-035
Severity Rating: Moderate
Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

Description:

This security update addresses several privately reported vulnerabilities in the public versions of the Microsoft Active Template Library (ATL) included with Visual Studio. This security update is specifically intended for developers of components and controls. Developers who build and redistribute components and controls using ATL should install the update provided in this bulletin and follow the guidance provided to create, and distribute to their customers, components and controls that are not vulnerable to the vulnerabilities described in this security bulletin. This security bulletin discusses vulnerabilities that could allow remote code execution if a user loaded a component or control built with the vulnerable versions of ATL. While most Microsoft Security Bulletins discuss the risk of a vulnerability for a specific product, this security bulletin discusses the vulnerabilities that may be present in products built using the ATL. Therefore, this security update is rated Moderate for all supported editions of Microsoft Visual Studio .NET 2003, Microsoft Visual Studio 2005, Microsoft Visual Studio 2008, Microsoft Visual C++ 2005 Redistributable Package, and Microsoft Visual C++ 2008 Redistributable Package.

Included Updates:

  • Security Update for Microsoft Visual Studio 64-bit Hosted Visual C++ Tools 2005 Service Pack 1 (KB973830)
  • Security Update for Microsoft Visual C++ 2008 Redistributable Package (KB973924)
  • Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923)
  • Security Update for Microsoft Visual Studio 2005 Service Pack 1 (KB971090)
  • Security Update for Microsoft Visual Studio 2008 Service Pack 1 (KB971092)
  • Security Update for Microsoft Visual Studio 2008 (KB971091)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx


MS09-034
Severity Rating: Critical
Cumulative Security Update for Internet Explorer (972260)

Description:

This security update is being released out of band in conjunction with Microsoft Security Bulletin MS09-035, which describes vulnerabilities in those components and controls that have been developed using vulnerable versions of the Microsoft Active Template Library (ATL). As a defense-in-depth measure, this Internet Explorer security update helps mitigate known attack vectors within Internet Explorer for those components and controls that have been developed with vulnerable versions of ATL as described in Microsoft Security Advisory (973882) and Microsoft Security Bulletin MS09-035. This security update also resolves three privately reported vulnerabilities in Internet Explorer. These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This security update is rated Critical for Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1, running on supported editions of Microsoft Windows 2000; Critical for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows XP; Critical for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Vista; Moderate for Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on supported editions of Windows Server 2003; and Moderate for Internet Explorer 7 and Internet Explorer 8 running on supported editions of Windows Server 2008. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory and table operations.

Included Updates:

  • Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems (KB972260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 (KB972260)
  • Cumulative Security Update for Internet Explorer 5.01 Service Pack 4 (KB972260)
  • Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB972260)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows XP (KB972260)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2003 (KB972260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows XP (KB972260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 7 Dynamic Installer for Windows Server 2003 for Itanium-based Systems (KB972260)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista for x64-based Systems (KB972260)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 (KB972260)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Vista (KB972260)
  • Cumulative Security Update for Internet Explorer 8 Dynamic Installer for Windows Server 2008 x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista x64-based Systems (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB972260)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB972260)
  • Cumulative Security Update for Internet Explorer 6 for Windows XP x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows XP (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB972260)
  • Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB972260)
  • Cumulative Security Update for Internet Explorer 8 for Windows XP (KB972260)
  • Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB972260)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 for Itanium-based Systems (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB972260)
  • Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB972260)
  • Cumulative Security Update for Internet Explorer 6 for Windows XP (KB972260)
  • Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB972260)
  • Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems (KB972260)

Link:
http://www.microsoft.com/technet/security/Bulletin/MS09-034.mspx


Note