Microsoft XML vulnerability under active exploitation

Tuesday, June 12, 2012 12:53 PM



Today Microsoft issued a Security Advisory describing a vulnerability in the Microsoft XML component. We discovered this vulnerability—which is leveraged via an uninitialized variable—being actively exploited in the wild for targeted attacks, and we reported it to Microsoft on May 30th. Over the past two weeks, Microsoft has been responsive to the issue and has been working with us. These attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents. Users running Windows XP up to and including Windows 7 are known to be vulnerable.

As part of the advisory, Microsoft suggests installing a Fix it solution that will prevent the exploitation of this vulnerability. We strongly recommend Internet Explorer and Microsoft Office users immediately install the Fix it while Microsoft develops and publishes a final fix as part of a future advisory.
The comments you read here belong only to the person who posted them. We do, however, reserve the right to remove off-topic comments.

4 comments:

Alexander Fuchs said...

Time to search an exploit and test this issue.

Anton said...

"We discovered this vulnerability"
"M$ thanks:
Google Security Team for working with us on the MSXML,

Qihoo 360 Security Center for reporting the MSXML "

M$ never been honest.

Josep Boix Requesens said...

Should I run the fix if I'm not running IE?

Konstantin crypt said...

Josep, you'd better run... run away from Windows.