Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft Security Advisory 2719615 - MSXML - CVE-2012-1889

Published: 2012-06-12
Last Updated: 2012-06-12 19:30:57 UTC
by Swa Frantzen (Version: 1)
10 comment(s)

Several readers mentioned that Microsoft today issued a Security advisory regarding Microsoft XML Core Services (MSXML). This is in response to active exploitation.

The issues affects Office 2003 and 2007 on all versions of windows. All a user has to do to fall victim is visit the wrong website using IE. 

Microsoft has issued a fixit for it in the form of an msi file (see the KB 2719615 link below)

Alternative strategies would be to use browsers that do not support ActiveX, or disable the support in IE.

Links:

--
Swa Frantzen -- Section 66

Keywords: microsoft MSFT
10 comment(s)
Diary Archives