Microsoft released nine regularly-scheduled patches on Tuesday, fixing flaws in vulnerable ActiveX controls, Microsoft Office and Windows Media files.
The patches corrected at least 19 security issues, according to the software giant's advisory. Microsoft fixed the headers for five ActiveX templates, so that controls built with the code can avoid a class of flaws announced at the Black Hat Security Briefings last month. Microsoft had release an advisory on the Active Template Library, offering guidance to developers.
While the patches fix the code, developers need to rebuild their ActiveX controls to fix specific instances of the issue, David Dewey, a researcher at IBM Internet Security Systems, said in a statement.
"The issue is that developers have been including this flawed code in ActiveX controls for over ten years," said Dewey, who was credited by Microsoft with finding one of the ActiveX issues. "This results in an innumerable amount of vulnerable controls that were developed by third-parties and are currently being used in the public."
The nine patches also corrected four security issues in Microsoft's Office Web components and two vulnerabilities in the way that Microsoft Windows Media libraries handle AVI video files.
Twelve of the 19 security issues could be exploited by attackers relatively easily, according to Microsoft's exploitability index. A summary of Tuesdy's bulletins can be found on the software giant's Technet site.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos