Microsoft released Security Advisory 2719615 which relates to a Remote Code Execution issue involving MSXML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.
As described in the Security Advisory:
"The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website."
Microsoft Fix it
As an interim work-around, Microsoft has provided a Microsoft Fix it solution that blocks the attack vector for this vulnerability.The Fix it solution is available from Microsoft KB Article 2719615, with direct links to the download files to enable and disable the solution below. I suggest that you save both files so that you can disable the solution prior to installing the update when it is released.
| Enable | Disable |
|---|---|
| Fix this problem Microsoft Fix it 50897 | Fix this problem Microsoft Fix it 50898 |
References
- MSRC: Certificate Trust List update and the June 2012 bulletins
- Tech Net Advisory: Microsoft Security Advisory (2719615) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
- Knowledge Base Article: Microsoft Security Advisory: Vulnerability in Microsoft XML Core Services could allow remote code execution
HatTip: ky331
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
0 comments:
Post a Comment