United States : Verizon offers free service to help developers test for Microsoft ATL flaw.Byline: Mamta03 Verizon Business is offering a free scanning service for developers to help them determine whether any controls or components they built using Microsoft's ATL (Active Template Library) A set of software routines from Microsoft that provide the basic framework for creating ActiveX and COM objects. Stemming from the standard template library (STL) that comes with C++ compilers, ATL includes an object wizard that sets up are vulnerable to flaws Microsoft (Microsoft Corporation, Redmond, WA, www.microsoft.com) The most successful and influential software company. Microsoft's software and Intel's hardware pioneered the PC and revolutionized the computer industry. patched on Tuesday Tuesday: see week. . Verizon Business is offering a free scanning service to help software developers more quickly determine whether any controls and components they built using Microsoft's Active Template Libraries See ATL. (ATL) are vulnerable to the issues identified in the emergency security update issued by Microsoft on Tuesday. The scanning service, along with a self-diagnostic questionnaire, is available online. It is designed to scan compiled code and produce a list of properties where the ATL vulnerabilities might exist, said Russ Cooper, senior security strategist strat·e·gist n. One who is skilled in strategy. Noun 1. strategist - an expert in strategy (especially in warfare) strategian market strategist - someone skilled in planning marketing campaigns with Verizon Business. Microsoft's ATL is used by software developers to create items such as Active X controls for Windows systems. Microsoft yesterday issued an emergency security bulletin for several remote code execution vulnerabilities in the public versions of the ATL included with Visual Studio. The update was timed to beat a scheduled presentation today at the Black Hat Security Conference, where researchers are planning to release more details about the flaws. At least one attack using an ATL vulnerability has been seen in the wild, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. Microsoft. Verizon's code-testing service gives developers who have used ATL in their controls a way to determine which part of their code they need to be checking first so they can prioritize pri·or·i·tize v. pri·or·i·tized, pri·or·i·tiz·ing, pri·or·i·tiz·es Usage Problem v.tr. To arrange or deal with in order of importance. v.intr. any remediation efforts, Cooper said. It is a "really complex situation" trying to find out whether controls and components developed using ATL can be exploited, he said. The conditions under which vulnerable code might be exploited "aren't obvious on the surface," he said. "We can look for snippets of code inside the finished code that help us identify if the control has the potential to be exploited." Though the scan can help developers identify potential issues much faster than a manual scan would, Verizon's code tester does not eliminate the need for a manual code review, Cooper said. Nor does it offer any guarantee against false positives or false negatives. Copyright : Euclid Infotech Pvt. Ltd. Provided by Syndigate.info an Albawaba.com company |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion