FixIt: Microsoft XML Core Services Uninitialised Object Vulnerability

Question

The following was copied/pasted from http://secunia.com/advisories/49456 : Description A[n extremely critical] vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.The vulnerability is caused due to an error when attempting to access an object in memory that has not been initialised.Successful exploitation allows execution of arbitrary code by e.g. tricking a user into viewing a malicious web page in Internet Explorer.NOTE: The vulnerability is reportedly being actively exploited. Provided and/or discovered byReported as a 0-day. ========= This vulnerability is UNpatched!   But Microsoft has acknowledged it: Upon completion of our investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. for technical details, see   http://technet.microsoft.com/en-us/security/advisory/2719615 for a 'temporary work-around' ('fix it'), see http://support.microsoft.com/kb/2719615 Microsoft Fix it 50897 enables the [temporary] fix Also be sure to download and save Microsoft Fix it 50898 , which UNDOES the temporary fix   [This should be run when Microsoft eventually releases the 'permanent'/official fix for this issue]. EDIT/Note:   Secunia's PSI continues to report MS XML Core Services as 'Insecure, No Solution' even after the 'fix it' is applied.

ky331 · Answer

Gmail accounts targeted by 'state-sponsored attackers' using Internet Explorer zero-day vulnerability

http://nakedsecurity.sophos.com/2012/06/15/internet-explorer-zero-day-hijack-gmail-accounts/?utm_source=facebook&utm_medium=status+message&utm_campaign=naked+security

Virus & Spyware

Gmail accounts targeted by 'state-sponsored attackers' using Internet Explorer zero-day vulnerability

Was this post helpful?