In my last post I alerted readers to the existence of a couple of out-of-band updates released by Microsoft. I purposely didn’t go into a lot of detail — I just urged everyone to apply the updates ASAP.
But judging by some of the correspondence I’ve received at least some readers still do not understand what a broad-based impact the mere presence of Internet Explorer has upon your Windows system taken as a whole.
One version or another of Internet Explorer exists in all Windows installations, and component parts of IE may well be in use by other applications that you do use, whether you use IE itself or not. So the claim “But I don’t use Internet Explorer” is no defense, and therefore no excuse if you get zapped.
Sometimes you might even have difficulty figuring out how an announced Microsoft update that mentions Internet Explorer even relates to IE. For example…
There’s a very popular Microsoft product called Visual Studio. It’s a development environment used by thousands of programmers all over the world to develop all types of Windows applications (programs). And a component part of Visual Studio is something called the Active Template Library – the ATL. Put very simply the ATL is, as the name suggests, a library of program code that can be called upon by Windows programs.
When a program developed within the Visual Studio environment makes use of the Active Template Library, a library file called atl.dll is provided and installed as part of the finished program. If you install said program then atl.dll is stored on your computer along with other miscellaneous program files.
The ATL is also frequently used to create “objects” that can be called from an Active Server Pages (ASP) script. ASP is a common programming language used by Web developers.
If you search your entire hard drive(s) for the existence of atl.dll, there’s a good chance you might find several instances of it.
In other words, the influence of atl.dll is pervasive and widespread, and cannot be ignored, no matter what browser you prefer to use on a day-to-day basis.
OK, so clearly I must have been telling you all that for a reason. Yep, you guessed it… one of the out-of-band updates that I wrote about in my previous post is a patch for a very dangerous vulnerability recently discovered in atl.dll. This is not a theoretical danger. It has already been practically demonstrated that a bad guy can exploit this vulnerability and take control of your PC.
So if you were working on the “I don’t use Internet Explorer” defense, I strongly suggest you rethink your position and refer back to my previous post for the relevant update links.
{ 1 trackback }