MS09-035: Vulnerabilities in Visual Studio Active Template Libraries could allow remote code execution

View products that this article applies to.

INTRODUCTION

Microsoft has released security bulletin MS09-035. To view the complete security bulletin, visit one of the following Microsoft Web sites:

Home users:
http://www.microsoft.com/security/updates/bulletins/200908.aspx (http://www.microsoft.com/security/updates/bulletins/200908.aspx)
Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
http://update.microsoft.com/microsoftupdate (http://update.microsoft.com/microsoftupdate)
IT professionals:
http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx (http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx)

Back to the top

How to obtain help and support for this security update

For home users, no-charge support is available by calling 1-866-PCSAFETY in the United States and Canada or by contacting your local Microsoft subsidiary. For more information about how to contact your local Microsoft subsidiary for support issues with security updates, visit the Microsoft International Support Web site:

http://support.microsoft.com/common/international.aspx?rdpath=4 (http://support.microsoft.com/common/international.aspx?rdpath=4)

North American customers can also obtain instant access to unlimited no-charge e-mail support or to unlimited individual chat support by visiting the following Microsoft Web site:

http://support.microsoft.com/oas/default.aspx?&prid=7552 (http://support.microsoft.com/oas/default.aspx?&prid=7552)

For enterprise customers, support for security updates is available through your usual support contacts.

Back to the top

MORE INFORMATION

Prerequisites

If you are running Windows Server 2003 Service Pack 2 (SP2), you must install update 973825 before you install this security update. For more information about update 973825, click the following article number to view the article in the Microsoft Knowledge Base:

973825 (http://support.microsoft.com/kb/973825/ ) Error message when you try to install a large Windows Installer package or a large Windows Installer patch package in Windows Server 2003 Service Pack 2: "Error 1718 File was rejected by digital signature policy"

Back to the top

Additional information and known issues about this security update

For more information about this security update, click the following article number to view the article in the Microsoft Knowledge Base:

971089 (http://support.microsoft.com/kb/971089/ ) Description of the update for Microsoft Visual Studio .NET 2003 Service Pack 1: July 28, 2009

971090 (http://support.microsoft.com/kb/971090/ ) Description of the update for Microsoft Visual Studio 2005 Service Pack 1: July 28, 2009

971091 (http://support.microsoft.com/kb/971091/ ) Description of the update for Microsoft Visual Studio 2008: July 28, 2009

971092 (http://support.microsoft.com/kb/971092/ ) Description of the update for Microsoft Visual Studio 2008 Service Pack 1: July 28, 2009

973544 (http://support.microsoft.com/kb/973544/ ) Description of the security update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package: July 28, 2009

973552 (http://support.microsoft.com/kb/973552/ ) Description of the security update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package: July 28, 2009

973551 (http://support.microsoft.com/kb/973551/ ) Description of the update for Microsoft Visual C++ 2008 Redistributable Package: July 28, 2009

973830 (http://support.microsoft.com/kb/973830/ ) Description of the update for Microsoft Visual Studio 2005 Service Pack 1 64-bit Hosted Visual C++ Tools: July 28, 2009

973923 (http://support.microsoft.com/kb/973923/ ) Description of the security update for the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (for previously installed versions): July 28, 2009

973924 (http://support.microsoft.com/kb/973924/ ) Description of the security update for the Microsoft Visual C++ 2008 Redistributable Package (for previously installed versions): July 28, 2009

973673 (http://support.microsoft.com/kb/973673/ ) MS09-035: Description of the ATL for Smart Devices security update for Visual Studio 2005 Service Pack 1: August 11, 2009

973674 (http://support.microsoft.com/kb/973674/ ) MS09-035: Description of the ATL for Smart Devices security update for Visual Studio 2008: August 11, 2009

973675 (http://support.microsoft.com/kb/973675/ ) MS09-035: Description of the ATL for Smart Devices security update for Visual Studio 2008 Service Pack 1: August 11, 2009

For more information about any known issues with specific releases of this software, click the following article number to view the article in the Microsoft Knowledge Base:

974054 (http://support.microsoft.com/kb/974054/ ) Symbol files (PDBs) are not updated after you install update 971090 or 973830 for Visual Studio 2005 Service Pack 1 or update 971089 for Visual Studio .NET 2003 Service Pack 1

974055 (http://support.microsoft.com/kb/974055/ ) Some DLL files are not updated when you install update 971091 for Visual Studio 2008

974479 (http://support.microsoft.com/kb/974479/ ) You receive a compile error in your ATL project after you install the Windows SDK 6.1 with Visual Studio 2008 Service Pack 1

Back to the top

Additional affected products

In addition to the product versions that are specified in the "Applies to" section, this security update is meant to be used with the following products: