Channel 9

Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

MSDN

Activity Profile

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements
Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Inside the Active Template Library (ATL) Security Update

Embed code for this video

Copy the code above to embed our video on your website/blog.

Close

Video format

Option selected may change based on video formats available and browser capability.

Close

Download

How do I download the videos?

  • To download, right click the file type you would like and pick “Save target as…” or “Save link as…”

Why should I download videos from Channel9?

  • It's an easy way to save the videos you like locally.
  • You can save the videos in order to watch them offline.
  • If all you want is to hear the audio, you can download the MP3!

Which version should I choose?

  • If you want to view the video on your PC, Xbox or Media Center, download the High Quality WMV file (this is the highest quality version we have available).
  • If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality WMV file.
  • If you have a Zune, WP7, iPhone, iPad, or iPod device, choose the low or medium MP4 file.
  • If you just want to hear the audio of the video, choose the MP3 file.

Right click “Save as…”

  • High Quality WMV (PC, Xbox, MCE)

    File size

    771.1 MB
  • MP3 (Audio only)

    File size

    15.7 MB
  • MP4 (iPod, Zune HD)

    File size

    248.9 MB
  • Mid Quality WMV (Lo-band, Mobile)

    File size

    430.7 MB
  • WMV (WMV Video)

    File size

    227.0 B

Today, Microsoft announced the details of an out-of-band security update that impacts ATL components and controls (like ActiveX controls, for example) -> Developers who have built controls using vulnerable versions of ATL should take immediate action to review and identify any vulnerabilities, modify and recompile their affected controls and components using the updated versions of ATL and finally distribute a non-vulnerable version of the controls and components to their customers.

Here, Damien Watkins from the VC++ team and Damian Hasse and Jonathan Ness from MSRC Engineering review the steps to identify and address vulnerable controls and components. Of course, being a Channel 9 interview, we dig into various aspects of the problem without veering away from the goal here: helping you understand the exact issues with this vulnerability. If you own a component or control that uses ATL, then you will know what you need to do to prevent a possible attack.

 
Please visit the URLs below as soon as possible for detailed information on this vulnerability.

Resources discussed in this video are available on MSDN: Active Template Library Security Update and Developers

Detailed technical information on this security release for ATL developers: http://blogs.technet.com/srd/archive/2009/07/28/overview-of-the-out-of-band-release.aspx

Additional information on this security release is available on the Security Research & Defense blog

Overview with background + table of links:  http://blogs.technet.com/srd/archive/2009/07/28/overview-of-the-out-of-band-release.aspx

IE mitigation explanation:  http://blogs.technet.com/srd/archive/2009/07/28/internet-explorer-mitigations-for-atl-data-stream-vulnerabilities.aspx

Deep dive for developers:  http://blogs.technet.com/srd/archive/2009/07/28/atl-vulnerability-developer-deep-dive.aspx

How msvidctl.dll is related:  http://blogs.technet.com/srd/archive/2009/07/28/msvidctl-ms09-032-and-the-atl-vulnerability.aspx

Michael Howard's perspective on this issue: http://blogs.msdn.com/sdl/archive/2009/07/28/atl-ms09-035-and-the-sdl.aspx

Tags:

Follow the Discussion

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.

More posts in this blog

See More

Related posts

Creative Commons License

© 2013 Microsoft. Except where designated as licensed by
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License,
Microsoft reserves all rights associated with the materials on this site.