Microsoft has released two out-of-band security bulletins. The first bulletin, MS09-034, is a cumulative security update for Internet Explorer that addresses several vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code. The second bulletin, MS09-035, addresses vulnerabilities in the Visual Studio Active Template Library (ATL). Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
Additionally, Microsoft has released security advisory 973882 to provide specific guidance for developers, IT professionals, consumers, and home users regarding the vulnerabilities in Active Template Library (ATL).
DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletins MS09-034 and MS09-035 and Microsoft Security Advisory 973882 and apply any necessary updates or workarounds to help mitigate the risks. Additional information can be found in Technical Cyber Security Alert TA09-209A.