XML Zero-Day Flaw Enables Attacker to Target Internet Explorer, Office

A zero-day flaw in versions of Microsoft’s XML Core Services (MSXML) is being actively exploited in the wild.

The vulnerability, which was discovered by Google, exists when MSXML attempts to access an object in memory that has not been initialized, and affects all supported versions of Windows as well as Microsoft Office 2003 and 2007. In a blog post, Google Security Engineer Andrew Lyons wrote the attacks were being distributed both through malicious Web pages targeting Internet Explorer users as well as through Office documents.

If successfully exploited, the bug can be used to enable an attacker to remotely execute code.  (Read More)

This entry was posted in IT Compliance, News, Security Awareness. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *