Public Service Announcement: Microsoft Security Advisory (2719165)

Today Microsoft released a security advisory to all users running the Windows operating system (OS). A new vulnerability has been identified that allows for the Microsoft XML Core Services to be exploited and used for remote code execution.

This vulnerability is known in Microsoft XML Core Service versions:

  • 3.0
  • 4.0
  • 5.0
  • 6.0

You can read more on the advisory in their post here.

Please note that this is one of three critical updates, and four important updates released today – Read more here.

What’s the Relevence?

This is important to all users for a number of reasons.

This vulnerability is being exploited through web-based attacks. The user must visit a website carrying a specific payload designed to identify and exploit the vulnerability. Although newer versions of the Windows OS are configured with a least-privileged model, this is still an active attack vector.

Stop The Hacker

We provide a myriad of steps designed to help you reduce your threat landscape – keeping your local environment updated is one very important step. This security release is a perfect example of its importance.

Read more: Public Service Announcement: Microsoft Security Advisory (2719165)

Story added 13. June 2012, content source with full text you can find at link above.