InfoSec Handlers Diary Blog - Microsoft Security Advisory 2719615 - MSXML

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- IT Audit
- Computer Forensics
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

Microsoft Security Advisory 2719615 - MSXML - CVE-2012-1889

Published: 2012-06-12
Last Updated: 2012-06-12 19:30:57 UTC
by Swa Frantzen (Version: 1)

Several readers mentioned that Microsoft today issued a Security advisory regarding Microsoft XML Core Services (MSXML). This is in response to active exploitation.

The issues affects Office 2003 and 2007 on all versions of windows. All a user has to do to fall victim is visit the wrong website using IE.

Microsoft has issued a fixit for it in the form of an msi file (see the KB 2719615 link below)

Alternative strategies would be to use browsers that do not support ActiveX, or disable the support in IE.

Links:

--
Swa Frantzen -- Section 66

Keywords: microsoft MSFT

10 comment(s)

SANS SEC401: Security Essentials Bootcamp Style. Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work.