Patch Tuesday could address XML zero-day flaw

Microsoft will issue nine security bulletins as part of its Patch Tuesday update on July 10, including a fix that could be for a vulnerability in XML Core Services that is being actively exploited.

In its advanced notifications for the release, Microsoft lists the nine bulletins along with their severity -- three are critical and six are listed as important -- and what software is affected, but doesn’t go into much more detail. All three of the critical fixes involve remote code execution.

The vulnerability in XML Core Services affects all supported versions of Windows and allows remote code execution. It has been identified as being exploited in attacks in Europe in June and in recent attacks using the Sykipot Trojan targeting the aerospace industry.


Related coverage:

Sykipot variant, exploiting Microsoft vulnerability, targets aerospace industry

State-sponsored attacks targeting Microsoft zero-day?


Microsoft issued a warning about the vulnerability on June 12 and directed users to a Fix-it  workaround, but has not yet issued an automated patch.

The XML vulnerability has been tied to state-sponsored attacks that Google warned its users about in early June. And Alienvault Labs, which identified the recent Sykipot attacks, said there was evidence, though no proof, that those attacks are coming from China.

Microsoft will release more information on this month’s patches on July 10.

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above