Microsoft XML Core Service Zero Day Vulnerability Being Targeted

On June 12th we reported the release of a new Microsoft Security Advisory. It was of specific interest to us because it was exploitable via web-based malware and was classified as a zero-day vulnerability.

To that point, today, NakedSecurity reported that the Blackhole Exploit Kit has been updated with a module designed to exploit that vulnerability.

Blackhole Exploit Kit


Many anti-virus entities estimate that it accounts for approximately 30% of all web-based malware. It's been around since late 2010 and it's highly sophisticated. It is currently sold to cyber-criminals for annual subscriptions starting at $1,500. It's important to note, though, that there are also free versions floating around the underbelly of the web.

Sophos put together an outstanding white paper titled Exploring the Blackhole Exploit Kit. In it they provide excellent information about the kit's anatomy.

What’s important to note is that the kit is highly customizable and capable of targeting a wide array of known exploits. In its infancy, Microsoft was one of its favorite targets. As of late, it has continued to mature and has been placing extra emphasis on Adobe Reader, Adobe Flash and Java. That being said, with the release of the XML Core Service Vulnerability, it appears new variants are being found with modules designed to target it.

This is important to note because, if you recall, this is a very serious vulnerability: if exploited, it would provide remote access and execution to your local environment. In essence, it would empower attackers to compromise your machine, allowing them to add it to their active malnets, apply ransomware, flood you with spyware or adware, and carry out a slew of other malicious activities.


We are actively detecting this kit and a number of its other variants. If you have questions or feel your site might be compromised, please contact us at info@sucuri.net.
