MS09-060: Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office could allow remote code execution

Microsoft has released security bulletin MS09-060. To view the complete security bulletin, visit one of the following Microsoft Web sites:

• Home users:
  http://www.microsoft.com/security/updates/bulletins/200910.aspx (http://www.microsoft.com/security/updates/bulletins/200910.aspx)
  Skip the details: Download the updates for your home computer or laptop from the Microsoft Update Web site now:
  http://update.microsoft.com/microsoftupdate (http://update.microsoft.com/microsoftupdate)
• IT professionals:
  http://www.microsoft.com/technet/security/bulletin/MS09-060.mspx (http://www.microsoft.com/technet/security/bulletin/MS09-060.mspx)

How to obtain help and support for this security update

Help installing updates: Support for Microsoft Update (http://support.microsoft.com/ph/6527)

Security solutions for IT professionals: TechNet Security Troubleshooting and Support (http://technet.microsoft.com/security/bb980617.aspx)

Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center (http://support.microsoft.com/contactus/cu_sc_virsec_master)

Local support according to your country: International Support (http://support.microsoft.com/common/international.aspx)

Known issues and additional information about this security update

For more information about this security update and for information about any known issues with specific releases of this software, click the following article numbers to view the articles in the Microsoft Knowledge Base:

Where is the update for Visio Viewer 2002 and Visio Viewer 2003?

We recommend that all users of Visio Viewer 2003 and Visio Viewer 2003 upgrade to the latest, free version of Visio Viewer 2007 to address this security vulnerability. Users who cannot upgrade should apply the update from MS09-034. This Internet Explorer update mitigates the attack vector for affected Visio Viewer platforms. Users may also apply the kill bit for the affected control by using the procedures that are listed in the workaround sections of this bulletin. A kill bit for these controls will be included in a future cumulative security update for Internet Explorer.

For more information about the cumulative security update for Internet Explorer, MS09-034, click the following article number to view the article in the Microsoft Knowledge Base:

Why are Knowledge Base articles 974554, 974556, and 974234 not listed in the security bulletin?

These packages do not contain security updates and do not correct any security-related issues. However, these updates resolve a problem that can cause programs that use Outlook View Control with Forms 2.0, such as Microsoft Office Outlook with Business Contact Manager, to stop functioning as expected after Security Update. If you use Outlook View Control with Forms 2.0, we encourage you to apply these updates after installing the security update