Hopefully, most of us have already patched our IE browsers for potential malicious attacks on the ATL (Microsoft Active Template Library) vulnerability this week. But, that could only be one half of the equation for Microsoft’s out-of-band patch release. Visual Studio is affected by this vulnerability as well, but in a different manner. Software vendors who use Visual Studio for creating their products could potentially publish vulnerable versions of their files. We have seen reports of some companies updating their software to address this vulnerability.
The biggest example to date is Adobe. This week alone, they have published new versions of Adobe Shockwave, Adobe Flash Player, Adobe Acrobat and Adobe Reader. I will have to say “hats off” to Adobe for rapidly pushing out updates for their software. Many exploits floating around the Internet target Adobe products because they are so widely used.
As more companies update their software for this vulnerability, this could potentially be a nightmare for Administrators in the coming months. Most administrators have a patching cycle for their systems, so users can plan on outages. Only time will tell on this as we are watching and monitoring software vendors for updates.
The Adobe security bulletin affecting Shockwave can be found here.
The Adobe security bulletin affecting Flash, Reader and Acrobat can be found here.
The Microsoft security advisory for the ATL vulnerability can be found here.
