
Remote code vulnerability in programs built with Visual Studio

IT Industry - Development

This week Microsoft pushed out its regular assortment of Windows updates, but one in particular caught my eye: an important security update for Visual Studio. The description said an attacker could compromise your Windows-based system. With Visual Studio? Actually, no; the truth is worse, and it is a case of good programs going bad.

Microsoft employees could almost claim repetitive strain injury for the number of times they must copy-and-paste “A security issue has been identified that could allow an attacker to compromise your Windows-based system ... and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.”

No doubt you’ve seen that message even if you don’t make a habit of reading the descriptions of every update queued for your system. What makes this one – KB973675 – unexpected is that it is a Visual Studio update.

Visual Studio is Microsoft’s primary software development environment. It is used to write software in languages such as C++, C#, Visual Basic.NET and others.

It is not uncommon to learn of exploitable vulnerabilities in mail and web servers, or in other products that are routinely exposed to the Internet, such as web browsers. It is definitely not common to be told you are putting your system at risk by running a development environment.

The update is the fix described in Microsoft security bulletin MS09-035, which Microsoft rates as Moderate.

It turns out the offending component is not Visual Studio itself – so, no, merely firing up Visual Studio has not become a risky proposition.

The real problem is worse. The vulnerability is in the Active Template Library (ATL), a C++ library that ships with Visual Studio .NET 2003, Visual Studio 2005 and Visual Studio 2008 and whose code ends up inside the programs and ActiveX controls built with it.

Any program built with Visual Studio that uses the affected ATL code carries the flaw, and those programs have long since been distributed to computers worldwide. Consequently, while the update is labelled as being for Visual Studio, the vulnerability exists in legions of “CorporateApp1” style programs on a desktop near you.

The update can be applied to any Windows-based computer, whether or not Visual Studio is installed: it corrects the ATL headers and libraries used by developers as well as the ATL DLLs that ship in the Visual C++ redistributable runtime. Enterprise administrators and home users may wish to install it manually or via the Microsoft Update service. One caveat: a program that compiled the flawed ATL code into its own executable is only fixed once its vendor rebuilds and reissues it with the updated library, so installing this update on a desktop does not, by itself, repair every affected program on it.
