Public Service Announcement: Microsoft Security Advisory (2719165)

Today Microsoft released a security advisory to all users running the Windows operating system (OS). A new vulnerability has been identified that allows for the Microsoft XML Core Services to be exploited and used for remote code execution.

This vulnerability is known in Microsoft XML Core Service versions:

  • 3.0
  • 4.0
  • 5.0
  • 6.0

You can read more on the advisory in their post here.

Please note that this is one of three critical updates, and four important updates released today – Read more here.

What’s the Relevence?

This is important to all users for a number of reasons.

This vulnerability is being exploited through web-based attacks. The user must visit a website carrying a specific payload designed to identify and exploit the vulnerability. Although newer versions of the Windows OS are configured with a least-privileged model, this is still an active attack vector.

Stop The Hacker

We provide a myriad of steps designed to help you reduce your threat landscape – keeping your local environment updated is one very important step. This security release is a perfect example of its importance.

Scan your website for free:
About Tony Perez

Tony is the Co-Founder / CEO at Sucuri. He shares a deep passion for Information Security, Business and Brazilian JiuJitsu. He approaches the business the same as he trains BJJ, one move at a time and gently. You can follow him on twitter: @perezbox.