Public Service Announcement: Microsoft Security Advisory (2719165)

Today Microsoft released a security advisory to all users running the Windows operating system (OS). A new vulnerability has been identified that allows for the Microsoft XML Core Services to be exploited and used for remote code execution.

This vulnerability is known in Microsoft XML Core Service versions:

  • 3.0
  • 4.0
  • 5.0
  • 6.0

You can read more on the advisory in their post here.

Please note that this is one of three critical updates, and four important updates released today – Read more here.

What’s the Relevence?

This is important to all users for a number of reasons.

This vulnerability is being exploited through web-based attacks. The user must visit a website carrying a specific payload designed to identify and exploit the vulnerability. Although newer versions of the Windows OS are configured with a least-privileged model, this is still an active attack vector.

Stop The Hacker

We provide a myriad of steps designed to help you reduce your threat landscape – keeping your local environment updated is one very important step. This security release is a perfect example of its importance.

About Tony Perez

Tony is the Co-Founder / CEO at Sucuri. His passion lies in educating and bringing awareness about online threats to business owners. His passions revolve around understanding the psychology of bad actors, the impacts and havoc hacks have on website owners, and thinking through the evolution of attacks. You can find his personal thoughts on security at PerezBox and you can follow him on Twitter at @perezbox.