clock menu more-arrow no yes

Filed under:

Microsoft warns of actively exploited Windows XML vulnerability discovered by Google's Security Team

New, 17 comments

Microsoft is warning of an actively exploited vulnerability that affects all supported versions of Windows, discovered by Google's Security Team.

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

cluster of locks security privacy stock 1024
cluster of locks security privacy stock 1024

Microsoft said on Tuesday that it is aware of active attacks against a critical XML vulnerability in Windows. The vulnerability, affecting all supported versions of Windows and Office 2003 / 2007, allows hackers to remotely execute code if a user visits a malicious site using Internet Explorer. Google's Security Team discovered the flaw in Microsoft's XML component and reported it to the company on May 30th.

"Microsoft has been responsive to the issue and has been working with us," says Google's Andrew Lyons, explaining that the attacks use malicious web pages and Office documents. Microsoft says it is currently investigating the vulnerability and may issue an out-of-cycle security update if required. For now, the company has issued a Fix It workaround solution intended to block the attack vector for the vulnerability.