Microsoft warns of actively exploited Windows XML vulnerability discovered by Google's Security Team

By Tom Warren on June 13, 2012 08:03 am @tomwarren 17Comments

Microsoft said on Tuesday that it is aware of active attacks against a critical XML vulnerability in Windows. The vulnerability, affecting all supported versions of Windows and Office 2003 / 2007, allows hackers to remotely execute code if a user visits a malicious site using Internet Explorer. Google's Security Team discovered the flaw in Microsoft's XML component and reported it to the company on May 30th.

"Microsoft has been responsive to the issue and has been working with us," says Google's Andrew Lyons, explaining that the attacks use malicious web pages and Office documents. Microsoft says it is currently investigating the vulnerability and may issue an out-of-cycle security update if required. For now, the company has issued a Fix It workaround solution intended to block the attack vector for the vulnerability.

Via Google Online Security Blog Ars Technica
Source Microsoft security advisory
Related Items microsoft xml xml windows xp windows vista windows 7 office 2003 office 2007 Microsoft

There are 17 Comments. Load 'Em Up. Show speed reading tips and settings

Shortcuts to mastering the comment thread. Use wisely.

C - Next Comment
X - Mark as Read

R - Reply
Z - Mark Read & Next

Shift + C - Previous
Shift + A - Mark All Read

Comment Settings

Live comment alert: Hide it!

The Verge

Microsoft warns of actively exploited Windows XML vulnerability discovered by Google's Security Team

There are 17 Comments. Load 'Em Up. Show speed reading tips and settings

Comment Settings

Comments for this post are closed.