Visual C++ Team Blog : Bug Infohttp://blogs.msdn.com/vcblog/archive/tags/Bug+Info/default.aspxTags: Bug InfoenCommunityServer 2.1 SP1 (Build: 61025.2)Active Template Library (ATL) Security Updateshttp://blogs.msdn.com/vcblog/archive/2009/08/05/active-template-library-atl-security-updates.aspxThu, 06 Aug 2009 00:51:00 GMT91d46819-8472-40ad-a661-2c78acb4018c:9858444vcblog62http://blogs.msdn.com/vcblog/comments/9858444.aspxhttp://blogs.msdn.com/vcblog/commentrss.aspx?PostID=9858444<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Calibri size=3>Hello,</FONT></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p><FONT face=Calibri size=3>&nbsp;</FONT></o:p></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Calibri size=3>On Tuesday 28 July &nbsp;we released guidance and updates to assist developers using our Active Template Library (ATL) to prevent creating controls or components with potential security vulnerabilities.&nbsp; Vulnerabilities in libraries are a rare, but industry wide issue, that requires broad collaboration and action by the community at large to effectively resolve.&nbsp; </FONT></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><o:p><FONT face=Calibri size=3>&nbsp;</FONT></o:p></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Calibri size=3>Developers who have built controls using the ATL should take immediate action to review their control to identify if it is vulnerable and take appropriate action to rebuild their control using the updated ATL library and distribute a non-vulnerable version of their control to their customers.</FONT></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><o:p><FONT face=Calibri size=3>&nbsp;</FONT></o:p></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Calibri size=3>If you develop any controls with ATL then please take a look at the </FONT><A href="http://msdn.microsoft.com/en-us/visualc/ee309358.aspx" mce_href="http://msdn.microsoft.com/en-us/visualc/ee309358.aspx"><FONT face=Calibri size=3>guidance on MSDN</FONT></A><FONT face=Calibri size=3> detailing the steps required to identify and address affected controls. Also, we cover the issue in a </FONT><A href="http://channel9.msdn.com/posts/Charles/Out-of-Band-Inside-the-ATL-Security-Update/" mce_href="http://channel9.msdn.com/posts/Charles/Out-of-Band-Inside-the-ATL-Security-Update/"><FONT face=Calibri size=3>Channel9 video</FONT></A><FONT face=Calibri size=3>. </FONT></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><o:p><FONT face=Calibri size=3>&nbsp;</FONT></o:p></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Calibri size=3>Thanks</FONT></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Calibri size=3>Damien</FONT></P> <P class=MsoNormal style="MARGIN: 0in 0in 0pt"><FONT face=Calibri size=3>Visual C++</FONT></P><img src="http://blogs.msdn.com/aggbug.aspx?PostID=9858444" width="1" height="1">Bug InfoChannel 9