Microsoft announced the details of an out-of-band security update that impacts ATL components and controls (like ActiveX controls, for example) -> Developers who’ve built controls using vulnerable versions of ATL should take immediate action to review and identify any vulnerabilities, modify and recompile their affected controls and components using the updated versions of ATL and finally distribute a non-vulnerable version of the controls and components to their customers. Damien Watkins from the VC++ team and Damian Hasse and Jonathan Ness from MSRC Engineering review the steps to identify and address vulnerable controls and components.