Public Service Announcement: Microsoft Security Advisory (2719165)

Today Microsoft released a security advisory to all users running the Windows operating system (OS). A new vulnerability has been identified that allows for the Microsoft XML Core Services to be exploited and used for remote code execution.

This vulnerability is known in Microsoft XML Core Service versions:

  • 3.0
  • 4.0
  • 5.0
  • 6.0

You can read more on the advisory in their post here.

Please note that this is one of three critical updates, and four important updates released today – Read more here.

What’s the Relevence?

This is important to all users for a number of reasons.

This vulnerability is being exploited through web-based attacks. The user must visit a website carrying a specific payload designed to identify and exploit the vulnerability. Although newer versions of the Windows OS are configured with a least-privileged model, this is still an active attack vector.

Stop The Hacker

We provide a myriad of steps designed to help you reduce your threat landscape – keeping your local environment updated is one very important step. This security release is a perfect example of its importance.

Scan your website for free:
About Tony Perez

I'm a technologist with a passion for the Information Security domain. I am especially interested in malware reverse engineering, incident handling and response as well as offensive counter measures. Catch my personal rants on tonyonsecurity.com and follow on twitter at perezbox.