Jump to content
Wubi

Hackers Exploit Unpatched Windows XML vulnerability

Recommended Posts

Posted

Hackers Exploit Unpatched Windows XML vulnerability

Hackers Exploit Unpatched Windows XML vulnerability.jpg

An unpatched vulnerability in the Microsoft XML Core Services (MSXML) is being exploited in attacks launched from compromised websites to infect computers with malware. This zero-day exploit that potentially affects all supported versions of Microsoft Windows, and which has been tied to a warning by Google about state-sponsored attacks, has been identified carrying out attacks in Europe.

Microsoft security bulletin MS12-037 was this month’s cumulative update for Internet Explorer. It is rated as Critical, and addresses 14 separate vulnerabilities that affect every supported version of Internet Explorer in some way.One vulnerability in particular is more urgent than the rest, though. There are multiple attacks circulating online that target CVE-2012-1875.The name of the vulnerability is “Same ID Property Remote Code Execution Vulnerability”, which doesn’t really explain much.

Until a patch is released, the Microsoft workaround is the only way to stymie hackers. Many security vendors have updated their products to detect malicious code that tries to exploit the vulnerability. Exploit code that works on all versions of Internet Explorer on Windows XP, Vista and 7 has been added to the Metasploit penetration testing framework.

Microsoft has provided a temporary fix for the vulnerability that all Windows users should apply whether or not they use IE as their browser of choice. Most antivirus products have added signatures to detect and block exploits.

In addition, you can also run the Fix-It tool from Microsoft. The automated tool implements measures to block the attack vector used to exploit this vulnerability.

Sursa

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...