Security Vulnerabilities in Microsoft Active Template Library (ATL)

My company is concerned on recent Microsoft security vulnerabilities patch. We are accessing all of the tools that we are using whether they are affected by this vulnerability.
We would like to find out on the following product:
Crystal Reports. Net
Crystal Reports Developer XI
Crystal Report 2008
Are they safe from this vulnerability? Please advise me accordingly.
Thank you.
Some information below.
Microsoft Security Advisory 973882 u2013 Vulnerability Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution:  http://www.microsoft.com/technet/security/advisory/973882.mspx
Microsoft Security Bulletin MS09-035 u2013 Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706): http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx
MSDN Article -- Active Template Library Security Update for Developers
http://msdn.microsoft.com/en-us/visualc/ee309358.aspx
Landing Page for ATL Guidance (for consumers, IT Professionals and Developers):
http://www.microsoft.com/atl/

Hi Ludek,
I think, you misunderstand the Microsoft update in question.
The update provides corrections to ATL header files which are used to build the ATL-based controls and components -- it updates Visual Studio installation so, that developers could rebuild their ATL-based components taking advantage of the updated code.
The code from the headers which are subject to the update in question is included in the binaries of the built ATL-based controls and components and not in the shared libraries (like ATL and MFC) that Microsoft ships.
Therefore, only by rebuilding (and re-shipping) the ATL-based controls and components can this update be accounted for.
Here, by ATL-based controls and components I mean Crystal ActiveX viewer and, possibly, RDC runtime -- obviously, it is up to Crystal Reports developers to review, whether the corrected functionality is used within their components.
I am not sure, which version of Visual Studio is used to build ActiveX viewer/RDC. Microsoft issued updates for several versions.
/Alex
P.S. I would also be interested to know, whether there are plans to update CR components, if they are affected by the vulnerability.

Similar Messages

  • Kerberos Pre-Authentication - Security Vulnerabilities

    I have an issue with some Java applets locking out AD accounts, or prompting for a password.
    The solutions I have, and work, is to check the "Do not require Kerberos preauthentication" located in the user account of Active Directory Users and Computers, or to create a registry DWORD key called allowtgtsessionkey with a value of 1. 
    This key is located in
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters.
    Can you advise by enabling this option or creating the reg key, does this open any security vulnerabilities?  I have read on another forum that creating the key on a PC where a users has local admin rights, will be an issue, but was very vague.
    Many thanks
    Larry

    Hi,
    If the issue persists, please:
    Find out from which machine/device bad password attempts are generated.
    Locate any services/scheduled tasks/disconnected remote desktop connections/scripts/mapped drives which could be storing credentials, then clear stored credentials.
    More information for you:
    Troubleshooting Account Lockout
    https://technet.microsoft.com/en-us/library/cc773155%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
    Account getting locked out
    https://social.technet.microsoft.com/Forums/en-US/92454597-b414-4840-82fd-16dd92a1706d/account-getting-locked-out
    Account Locked - Event 4771 Failure Code 0x18
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/6187d7e2-d38a-4ecd-bf80-12ce3589c8e1/account-locked-event-4771-failure-code-0x18?forum=winserversecurity
    Error for Active Directory
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/4923356c-1820-4626-83f2-8a57a7c48ccc/error-for-active-directory?forum=winserverDS
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]

  • Error while trying to open the template library from a client - ver4.2

    I receive the message below when trying to open the tempalte library (have refreshed cache, reproc security).
    Any help is appreciated.  All other functions seem to work except the eAnalyze template library:
    T          "he description information is missing.  Do you want to update your template information from the server?"
                 Yes or No
    Yes u2013 prompts a u2018download fileu2019 refresh.  It returns u201Cupdate Completeu201D, select OK and get the following message:
                  "Description information is missing.  Please contact your administrator."

    I have moved this thread to the [BPC MS forum|SAP Planning and Consolidation, version for the Microsoft platform;.  Notice the sticky [note|Please do not post BPC, SSM or FI/CO questions here!; at the top of the FPM - General (PCM, FC, Other) Forum whereby we announced new dedicated forums for BPC which are the proper place to post your questions regarding BPC in the future.
    [Jeffrey Holdeman|http://wiki.sdn.sap.com/wiki/display/profile/Jeffrey+Holdeman]
    SAP Labs, LLC
    BusinessObjects Division
    Americas Customer Solutions Adoption (CSA) team

  • Integration of sap R/3 (4.7) and Microsoft active directory (2003)

    Hi All,
    I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
    Pls help me with this issue.
    Thanks in advance,
    Regards,
    Raghav.

    Hi,
    First You should read:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
    Regards,
    Jarek

  • Configuring Microsoft ACtive Directory in WebLogic server 10.3.3

    Hi,
    I am working on configuring Microsoft ACtive Directory in WebLogic server 10.3.3. After configuration I couldn't see any AD users in myrealm-users.
    If there is any document / step-by-step tutorial available please provide me.
    Thanks
    MC

    Just check the product documentation ;-) The Guide Securing WebLogic Server might be of interest for you.
    Here is a link to start with: http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/atn.htm#SECMG175
    --olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                               

  • XL Reporter-Security settings in Microsoft Excel prohibit XL Reporter

    Hi
    i am getting the following error when i run the reports in XL Reporter
    XL Reporter-Security settings in Microsoft Excel prohibit XL Reporter from running.
    I have made the following chnages
    1. Start Microsoft Excel.
    2. In the Tools menu, choose Macro->Security...
    This opens the Security window.
    3. Choose the Trusted Sources tab and make sure the Trust all installed add-ins and templates and Trust access to Visual Basic Project checkboxes are selected
    I am still getting the same error.
    Regards
    Farheen

    Hi Rekha,
    In ref. SBO System that you are loggged on to, do you have admistration rights on the local computer.
    Are you trying to open the XL reporter for the first time ?
    Which version of SBO you are working on?
    Regards,
    Rakesh N

  • Microsoft C++ RUN LIBRARY Error In DTW.

    Hi All..
    At the time of Importing the templates through Dtw i am getting tis Microsoft C++ Run Library Error after that its not allow me to import the Data through Dtw .Please provided the solution asap
    Thanks

    Hi,
    I also facing the same problem when I used DTW.   Previously I use no issue on this.  I've tried on client pc and server also having the same problem.
    SAP Business One 2007B SP:00 PL:16
    I tried to uninstall and reinstall DTW and it still giving me the same problem.
    Please advice.
    Thank you.
    Regards,
    Foong Yee

  • Best way to Securely publish OWA and Active Sync

    Hi Guys
    Just a quick question what is the best way for me to securely publish OWA and Active Sync in Exchange 2013, I have 1 CAS server and one MB server both on my lan but i have 443 open to internet and would like to make it more secure by putting maybe a reverse
    proxy or OWA device in my DMA, my setup is small sub 200 users so cost is a factor, what is the most economically way for me to do this with the least amount of work and complication
    I know ISA/TMG is now extinct and i dont want to use any linux reverse proxies etc.. just a simple solution that will publish these services securely that is easy to support going forward and inexpensive.
    Thanks in advance
    Spudney

    What exactly are you looking to secure?  If all that you have open is TCP 443 that is a tight setup already.
    You'll  have to state the business requirements you are looking to address - and for a 200 user org I suspect that they will be very different from a large enterprise.
    Take a look at this pls:
    http://blogs.technet.com/b/exchange/archive/2013/07/17/life-in-a-post-tmg-world-is-it-as-scary-as-you-think.aspx
    And say hello to Renton as well please!
    Cheers,
    Rhoderick
    Microsoft Senior Exchange PFE
    Blog:
    http://blogs.technet.com/rmilne 
    Twitter:   LinkedIn:
      Facebook:
      XING:
    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

  • Security mails from Microsoft cant be delivered to Exchange 2010

    Hi there,
    I have strange issue with delivering e-mails from Microsoft account team to my Exchange 2010 users.
    That is single Exchange 2010 server scenario with Microsoft antispam features installed.
    There is one setting that is affecting behavior of that: Sender-ID filtering. If it is configured as reject messages, the authentication e-mails are rejected with error:
    550 5.7.1
    Missing purported responsible address,MissingPRA,No valid PRA
    I was doing some research around the Sender-ID filter and found this:https://technet.microsoft.com/en-us/library/aa997242(v=exchg.141).aspx pointing
    to this:
    http://www.ietf.org/rfc/rfc4407.txt
    (see chapter 2, points 5 and 6)
    And Im thinking that the From: header is too long for the filter having 133 characters...
    From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <[email protected]>
    See https://tools.ietf.org/html/rfc2822 chapter 2.1.1
    And if from header is not read properly, there is no other chance to define PRA.
    Im attaching the header with some privacy related edits (*)
    And also connection to my previos post:
    https://social.technet.microsoft.com/Forums/cs-CZ/63366c5f-5028-4b86-8cd9-815b2474083e/authentication-email-from-onedrive-is-not-delivered-to-exchange-2010?forum=exchangesvrsecuremessaging
    Received: from BAYIDSTOOL3E005 ([65.54.190.61]) by BAY004-OMC1S28.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
    Wed, 21 Jan 2015 03:50:31 -0800
    Message-ID: <[email protected]>
    X-Message-Routing: sKFde7CS5BHygFZaC4gFZWeHmOM+Rjf1iOmv8meDbQqeD+9kHFgbAflrz5UYy6v/Ov/vRliTx0hzi7ScTgwYCoH5DCu2Fahk9R9SdBH5Nsa5oB9Sz/gjNEAPF3tI/C3nFECX7BGzTiSSOg8TKAUbuCEwYGg==
    Return-Path: [email protected]
    Date: Wed, 21 Jan 2015 03:50:31 -0800
    From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <[email protected]>
    Subject: =?windows-1250?Q?Bezpe=E8nostn=ED=20k=F3d=20=FA=E8tu=20Microsoft?=
    To: <t*****f@jv*******ms.cz>
    X-Priority: 3
    X-MSAMetaData: Cn0c88Cz0sGsI0Nfm6RO9sA/7VbWGUJeVNx9a4NXy37JI18dwFph0xDWcW8LScCF+MW2Lz28gPZz9dv7HW6EgfszNl0B6YfvjoqD5EXhCIrXhZTYSSbIB1Ix/LTVnuXoQieHLbzlKEn/wPNttCFyHop5rh2n8Sm26X38Eqj+/+Nh4VXFdEZ2I+gyInEElCSMfg==
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="------=_Next_Part_0490624281.535"
    X-OriginalArrivalTime: 21 Jan 2015 11:50:31.0736 (UTC) FILETIME=[757B2B80:01D03570]
    Do anyone knows the limits of header lines in the Exchange 2010 Antispam Filters?

    I have tested it deeply and strange thing gets even stranger:
    If I send entire email with telnet the difference between error and accepting message by server is comma in From: header. so:
    Message is not accepted with that line:
    From: =?windows-1250?Q?T=FDm,=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <[email protected]>
    Message is accepted if I delete a comma:
    From: =?windows-1250?Q?T=FDm=20kter=FD=20se=20star=E1=20o=20=FA=E8ty=20Microsoft?= <[email protected]>

  • Problem with Oracle external procedures and Microsoft Active Directory

    Hi,
    Our server was recently updated to use Microsoft Active Directory. However, we noticed that all external procedure calls keeps on failing with ORA-28575: unable to open RPC connection external procedure agent. Everything was working fine before we migrated to Active Directory which is why we can say that the listener is configured correctly.
    Any idea on how we can make extproc calls with Active Directory?
    thanks.

    Michael,
    Oracle Forms does support Single Sign-On (SSO). Take a look at Oracle Containers for J2EE Security Guide: OC4J Java Single Sing-On. Also take a look at the Oracle Forms 10g Sample Code and scroll to the SSO demo under the Forms Services Demo section. There are also, numerous other documents available via Google. ;-)
    Craig B-)
    If someone's response is helpful or correct, please mark it accordingly.

  • Single sign on and microsoft active directory

    Hi,
    I have EBS 12.1.3 on linux. I know that I can implement single sign on to login to EBS. Now the question is: can I integrate this single sign on with my existing Microsoft Active Directory? Can you send me some links or documentation?

    Self-reply:
    http://blogs.oracle.com/stevenChan/2006/05/indepth_using_thirdparty_ident.html
    Thanks

  • Saving only a portion of a Microsoft Word template into a new document using LabVIEW Report Generation Toolkit

    I have a Microsoft Word template I want to populate programmatically with test data. The template contains both explanatory text and a data sheet section with test data placeholders (bookmarks). Using the Report Generation Toolkit for Microsoft Office, I have been able to successfully populate the placeholders with data and save the results into a new Microsoft Word document. The problem is the new Word document contains not only the test data but also the explanatory text that was in the original document template. Ideally, I would like to have the generated document contain just the test data without the accompanying text. Is it possible to do this usi
    ng the Report Generation Toolkit?

    Hello Ryan,
    Two easy options come to mind.
    1. You may want to consider using an �ink annotation� instead of regular text for your explanation.
    2. You can programmatically do a find and replace on the explanatory text. Have LabVIEW find the whole paragraph, and replace it with nothing.
    If none of these suggestions help, or if I�m not correctly understanding your issue, please reply with comments or answers to the discussion above and any additional information that may help, and I�ll be happy to look further into it.
    Have a nice day!
    Robert Mortensen
    Applications Engineer
    National Instruments
    Robert Mortensen
    Software Engineer
    National Instruments

  • How to get title templates library for CC?

    How to get title templates library for CC?  Do you have to download and install PP 6 to get them?

    Try here Library, title templates, template projects missing: Premiere Pro, After Effects, Encore

  • How to create activity template for email campaign in CRM 5.0

    Hi,
    I tried attaching only a simple activity transaction type (Z005) to communication type email in SPRO > CRM > Marketing > Marketing Planning and Campaign Management > Campaign Execution > Define communication medium.
    After doing this, I was expecting that when I execute my campaign for channel email, emails will be sent to the customers and activity transactions of type Z005 will be created for each outbound email.
    Activity transactions are created, but I think I would like to maintain more details (description, responsible org etc.), which should be possible using activity template.
    I am struggling with creating activity template. I created a normal transaction of type Z005 and tried to maintain it as a template (which was obviously wrong), and the system gave me a message that I need to attach a template transaction of template type D.
    How do I create an activity template of type D?
    Any help would be appreciated.
    Regards,
    Kaushal

    Hi Kushal,
    As your are in CRM 5.0 you can create Activity template from SAP GUI. Just execute CRMD_ORDER and select your Activity type (ZOO5) and in Menu click on Extras->Template->Create  just enter required details such as (description, responsible org etc.)  save the template it will create Activity template number. While creating Email Campaign just enter activity template number.
    Execute Email Campaign it should create Activity with required details.
    Regards,
    Dipesh.

  • Security Setting in Microsoft Excel Prohbit XL Report From Running

    Dear Expert,
    When I run XL Report following  error message display
    Security Setting in Microsoft Excel Prohbit XL Report From Running
    On  server Excel 2003 is installed and its working ,
    But  client  PC Excel 2007 is installed and when run xl addon above error display...
    all the micro setting and trust center setting  is done.
    Pls help me.......
    Thanks
    Ashish Nandgaonkar

    Dear Ashish Nandgaonkar,
    You may check this thread first:
    XL reporter issue in SAP Business one 2007 B patch 15
    Thanks,
    Gordon

Maybe you are looking for

  • Is there a way to turn off the 'nannying'?

    Hi everyone, I'm using the Safari Beta, and am very impressed. Particularly happy about URL auto-completion working properly, resizing text boxes, in line search and the performance. So far, no problems. Is there though, a way to turn off all the "is

  • Runtime error in IE 7

    A site I use has a pop up applelet window which works fine in IE 6 However I recently downloaded the IE 7 Beta version and, when using that, get a runtime library error and a fata errror in iexplore.exe, closing all windows if the error message windo

  • Creating a restricted access page.

    I need to create a restricted access page within my website, so that a username and password are required to access. The Dreamweaver instructions ask me to go to the Server Behaviors panel (Window > Server Behaviors), click the plus button and choose

  • Missing file attachments

    I've been working on a newsletter generation tool at work. Last week, I added a feature to embed images into email. Since then, PDF attachments do not appear on the iPhone or Apple Mail on Snow Leopard. I've noticed a long standing list of reports re

  • PocketMac Pro vs. iSync vs. Blackberry--No one wins!

    After using a Treo 600 flawlessly for two years between platforms (Windows and Mac) as my syncing tool and having very few errors, problems or conflicts, I had to convert to a Blackberry for work. I saw that there was some problems using PocketMac Pr