Recent Posts

Community

Email Notifications

Personal Links

Archives

Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

Microsoft XML Core Services 4.0 - Unpatched vulnerability and exploit

Users should continue to be cautious with email and in browsing web sites as a new unpatched vulnerability with exploits in-the-wild surfaced this weekend. 

Microsoft Critical Advisory # 927892
http://www.microsoft.com/technet/security/advisory/927892.mspx

Internet Storm Center
http://www.incidents.org/diary.php?storyid=1825

SecurityFocus Advisory
http://www.securityfocus.com/brief/348

AVERT Labs MS zero-day Vulnerability
http://www.avertlabs.com/research/blog/?p=125

Secunia 
http://secunia.com/advisories/22687/

FrSIRT
http://www.frsirt.com/english/advisories/2006/4334

CERT
http://www.us-cert.gov/current/current_activity.html#xcorerem

QUOTE: A vulnerability has been identified in Microsoft XML Core Services, which could be exploited by remote attackers to take complete control of an affected system. This flaw is due to a memory corruption error in the XML based ActiveX Control.


RECOMMENDATIONS (CERT):  Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:

* Disable the XMLHTTP 4.0 object in Internet Explorer as specified in Microsoft Support Document 240797.
* Disable ActiveX as specified in the Securing Your Web Browser document.
* Do not follow unsolicited links.
* Review the steps described in Microsoft's document to improve the safety of your browser.