Microsoft warns of zero-day attack

Microsoft has issued a warning about a zero-day attack, spread by phishing, that is actively exploiting a vulnerability in its XML Core Services that affects all supported versions of Windows and Office 2003 and 2007.

The vulnerability exists in versions 3.0, 4.0, 5.0 and 6.0 of XML Core Services and could allow remote-code execution if a user visits the hackers’ malicious website using Internet Explorer, Microsoft said in its advisory.

The advisory points out that attackers can’t force anyone to visit the site but would have to lure them there via links in e-mail or text messages, the common tactic of phishing campaigns.

The vulnerability could allow an attacker to gain the same rights as the logged-on user (which makes it a potentially bigger worry for administrators than regular users) and then deliver arbitrary code, Microsoft said.

The company said it is working on the problem and could issue a patch in its next regular Patch Tuesday update, or issue a more urgent out-of-band patch.

Meanwhile, Internet Explorer's restricted mode, which is the default setting for Windows Server 2003, 2008 and 2008 R2, mitigates the vulnerability, the advisory states.
A Microsoft Fix it solution, available via the advisory, also will block the attack vector that exploits the vulnerability.

The warning was issued on the same day Microsoft released its June security bulletins, which include fixes for 26 security holes, 12 of them in IE.


About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

