Microsoft Security Advisory (927892) - Vulnerability in Microsoft XML Core Services
Microsoft Security Advisory (927892)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability.
Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Customers would need to visit an attacker’s Web site to be at risk. We will continue to investigate these public reports.
Affected software:
Microsoft XML Core Services 4.0 when installed on Windows 2000 Service Pack 4
Microsoft XML Core Services 4.0 when installed on Microsoft Windows XP Service Pack 2
Microsoft XML Core Services 4.0 when installed on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Follow the suggested actions by Microsoft at http://www.microsoft.com/technet/security/advisory/927892.mspx