July 2009 Entries

ATL Vulnerability – recompile your Active Template Library based controls now.

Today saw Microsoft release an out-of-band update for Visual Studio correcting a vulnerability in the Active Template Library. Any control which has been compiled with previous versions of ATL may allow remote code execution; it must be recompiled and a corrected version distributed as soon as possible. This vulnerability affects Visual Studio 2003, 2005 and 2008. Microsoft have a page dedicated to the problem on the Microsoft Security site. The Security Research and Defense blog also has an overview of the release along with a great list of further resources: MS09-034: Internet Explorer bulletin ...

posted @ Tuesday, July 28, 2009 6:55 PM | Feedback (0)

No more excuses – encrypt your web.config

Yes, I know, it’s painful. You have to run a cryptic command line tool from the .NET framework directory. You have to mess around with RSA keys and export them if you’re load balancing, or want to encrypt on one machine and use it on another. Or you could use a handy tool from Hugo Bonacci. I know, he has a goatee, so he may in fact be evil, but you pays your money and you takes your choice. Point the tool at your server, choose the section you want to encrypt and press, well, press encrypt. There’s even...

posted @ Thursday, July 16, 2009 7:12 PM | Feedback (3)

AntiXSS has gone RTM

AntiXSS, the open source encoding library from the Microsoft Security Tools folks, has gone live, and the binaries are available from the MS download centre. I’ve been recommending this for quite a while over the framework’s HttpEncode and UrlEncode simply because it offers more options (JavaScript, VBScript, XML encoding) and has a visible test suite – plus if something does go wrong it’ll be easier to patch it quickly, rather than wait for a patched version of the .NET framework. There’s also a runtime module which will try to encode on the fly in case you forget to … ...

posted @ Wednesday, July 15, 2009 11:59 AM | Feedback (0)

Windows 7 UK Pre-Orders start at midnight.

Midnight sees the start of the Windows 7 pre-order offers where, for a limited time, Home Premium will cost £49.99 and Professional will cost £99.99. If like me you paid the Ultimate tax for Vista and didn’t get much for it, well, you’re not getting a discount for Win7 Ultimate either – but all Ultimate gives you this time around with Win7 is language packs and BitLocker. There’s been some confusion over whether BranchCache and DirectAccess are limited to the Enterprise and Ultimate editions – who knows, as MS don’t show the Enterprise editions on their comparison page – heck...

posted @ Tuesday, July 14, 2009 3:39 PM | Feedback (0)