Microsoft patched XML Core Services Remote Code Execution Vulnerability

Microsoft patched a number of vulnerabilities in the July 2012 security bulletins, but the most important of them is most likely the vulnerability in XML Core Services.

The critical severity flaw in XML Core Services 3.0, 4.0, and 6.0, which can be leveraged by an attacker to remotely execute malicious pieces of code, affects all supported versions of the Windows operating system.

Microsoft Office 2003 and 2007 customers who rely on XML Core Services 5.0 are also affected by this vulnerability. However, the testing process for the updates to that version is not yet complete.

Until a permanent patch is released for XML Core Services 5.0, a Fix It solution has been made available.

“The attacks Microsoft has seen do not target XML Core Services 5.0. In the default configurations of Internet Explorer 7, 8 and 9, an attack against XML Core Services 5.0 would require the user to manually enable the control by clicking the Allow button on the Internet Explorer gold bar,” Cristian Craioveanu of MSRC Engineering said.

Another Fix It that has been released with the July 2012 security bulletins is designed to disable Windows Sidebar and Gadgets on supported editions of Vista and 7.

This should protect users from security holes that can be leveraged when the Windows Sidebar runs insecure Gadgets.

The company warns customers to be extra cautious when installing Gadgets from untrusted sources since they might contain vulnerabilities that allow an attacker to execute arbitrary code and even take complete control of a computer if the victim is logged in with administrative privileges.

Windows users are advised to deploy the latest security bulletins as soon as possible to protect themselves and their digital assets.