Patches for Vulnerabilities

(imported topic written by jfschafer)

I see 3 ATL vulnerabilities in Bigfix applicable to most of my machines, but there are no patches available in Bigfix (I think) that address them. Microsoft seems to have downloads available to fix this. I’m wondering if these are not really applicable and it’s a mistake in the relevance code, or if there’s some way to fix this. The names of the 3 vulnerabilities are:

ATL Uninitialized Object Vulnerability (ID 758101)

ATL COM Initialization Vulnerability (ID 671601)

ATL Null String Vulnerability (ID 757301)

Any advice on how to correct these with Bigfix?

(imported comment written by TerryWeiChao)

Hello,

Can you provide me the fixlet IDs? I can do an initial review first.

Thanks!

-Terry

(imported comment written by jfschafer)

The IDs are right next to the names in my original thread, labeled “ID: #####”

(imported comment written by TerryWeiChao)

For the fixlets below:

ATL Uninitialized Object Vulnerability (ID 758101)

ATL COM Initialization Vulnerability (ID 671601)

ATL Null String Vulnerability (ID 757301)

Follow the instruction “Click here to view more information from nvd.nist.org (by CVE ID) on this vulnerability” and search for “External Source: MS” to find the security bulletin number. I tried this and found the numbers below:

MS09-060

MS09-037

MS09-072

MS09-055

MS09-035

What is going on with these security bulletins?

Thanks!