Microsoft warns of zero-day attack

Microsoft has issued a warning about a zero-day attack, spread by phishing, that is actively exploiting a vulnerability in its XML Core Services that affects all supported versions of Windows and Office 2003 and 2007.

The vulnerability exists in versions 3.0, 4.0, 5.0 and 6.0 of XML Core Services and could allow remote-code execution if a user visits the hackers’ malicious website using Internet Explorer, Microsoft said in its advisory.

The advisory points out that attackers can’t force anyone to visit the site but would have to lure them there via links in e-mail or text messages, the common tactic of phishing campaigns.

The vulnerability could allow an attacker to gain the same rights as a logged-on users — which makes it a potentially bigger worry for administrators than regular users — and then deliver arbitrary code, Microsoft said.

The company said it is working on the problem and could issue a patch in its next regular Patch Tuesday update, or issue a more urgent out-of-band patch.

Meanwhile, Internet Explorers restricted mode, which is the default setting for Windows Server 2003, 2008 and 2008 R2, mitigates the vulnerability, the advisory states.
A Microsoft Fix it solution, available via the advisory, also will block the attack vector that exploits the vulnerability.

The warning was issued on the same day Microsoft released its June security bulletins, which include fixes for 26 security holes, 12 of them in IE.


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected