Actively Exploited Microsoft Security Vulnerability

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Unpatched, critical, security vulnerability in Microsoft XML Core Services is actively being exploited by attackers.

By simply visiting the website on vulnerable machine, the computer can become infected.

Here are the provisions of this bug:

  • Web-based attack scenario, which means users have to be led to the site to exploit the vulnerability through a specifically crafted link (such as email message, instant message, etc.)
  • If the attacker successfully exploits this flaw and gets on to the victim’s machine, it will obtain the same user rights as the current user logged in. Depending on the type of account (limited or administrator), will declare the ability of the malware.

CVE entry: CVE-2012-1889

Microsoft KB entry: KB2719615

A temporary fix is in place by Microsoft: Fix-ItPlease secure your system now! The final fix is being developed by Microsoft.


You may want to consider purchasing Malwarebytes’ Anti-Malware to protect against these types of threats.

Tags: , , , , , , ,

About Dr Jay

%d bloggers like this: