Get Critical VB6 Updates
Microsoft releases critical VB6 patch. Plus VB 2005 Power Packs 2.0, new VS 2008 downloads and more.
- By Bill McCarthy
One could be forgiven, after all these years, for thinking Visual Basic 6 with 6 service packs is a safe and stable platform. Apparently not! Microsoft has recently released a critical update for OLEAUT32.DLL. The memory corruption exploit fixed with this update could allow an attacker to take complete control of a system if the user is running with administrator rights. To think this exploit has been open for so many years might give you an uneasy feeling, but the exploit would most likely be attempted through scripting over a Web page and to date no actual attacks using this exploit have been recorded. That's the mildly tolerable news, but what can you do about it?
If you distributed the OELAUT32.DLL, it's probably safest to issue an update to clients. However, you should also be aware that you will now need to ship a different version of the DLL, depending on the user's operating system. Hence, I recommend running tests with your application distribution on different versions of Windows and checking whether the update is applied through Windows Update. If not, deliver an operating system-specific update. In general, you should avoid shipping the runtimes for any new deployments.
This serves as yet another reminder that you should develop your applications to run under the least privileges, where possible, and encourage your clients not to run as administrator.
Read the technical information about this update here and download the updates from here.
The Visual Basic team has released Visual Basic 2005 Power Packs 2.0, which includes the PrintForm and Printer Compatibility libraries plus, my favorite, the new line and shape controls. The line and shape controls are similar to those you had in Visual Basic 6, with extra features such as gradient fills. The lines, ovals, and rectangles are lightweight components rendered on their container control that include rich events, such as click-on selection of the shape. It's definitely worth the download.
For Visual Studio 2008 Beta 2, a couple of interesting releases are worth looking at. First off, the XML team has made available a beta of the new schema explorer. The schema explorer provides a searchable tree view of the schema document--great for navigating medium to large schemas. The nice thing about it is that it also works with datasets because they are also based on a schema. Download XML Schema explorer here.
The ADO .NET Entities team has released Beta 2 of the ADO.NET Entity Framework and Beta 1 of the visual tools to support it. The entity framework has many enhancements from Beta 1, including better data binding, improvements in persistence ignorance, serialization of keys, events to allow you to hook into the code generation, and general usability and consistency improvements.
The visual tools consist of a tree-view explorer for the data store model and the entity model as well as a graphical designer similar to the class designer. Note that these are early bits and the functionality is limited, but the download does give a good indication of Microsoft's direction on this technology. You need to use the wizard to import all the data store metadata from the start if you want to play with designing your own entities; I hope it will be a more incremental process in the future.
Note that the Entity framework and tools are currently scheduled to be shipped in the first half of 2008 after Visual Studio 2008 has been released. If you are planning on adopting the entity framework in your applications in the future, this is an important window of opportunity to provide feedback to the product team. I know myself and others have raised issues with various bits, and the entity team has been responsive and constructive in addressing them.
For developers interested in Silverlight, there are two new releases: Silverlight tools Alpha for Visual Studio 2008 Beta 2 and Expression Blend 2 August Preview.
Bill McCarthy is an independent consultant based in Australia and is one of the foremost .NET language experts specializing in Visual Basic. He has been a Microsoft MVP for VB for the last nine years and sat in on internal development reviews with the Visual Basic team for the last five years where he helped to steer the language’s future direction. These days he writes his thoughts about language direction on his blog at http://msmvps.com/bill.