Microsoft Patch Tuesday To Fix Zero-Day XML Flaw

Next week, Microsoft will address an Internet Explorer flaw that has already been actively exploited in the wild.

This month’s Microsoft Patch Tuesday should see the software giant offer a proper fix for a zero-day Internet Explorer flaw that has been actively exploited in the wild.

Attack code for the CVE-2012-1889 flaw, which affects the Microsoft XML component in Internet Explorer, was published earlier this month. The vulnerability could allow remote code execution if a user visits a specially crafted webpage in Internet Explorer, and researchers have seen attempts to spread malware by injecting malicious iframes into websites.

Security firm VUPEN told TechWeekEurope it had created a proof-of-concept showing that the attack code could be twisted so it affects all versions of Windows and bypasses various protections.

But, having viewed Microsoft’s advisory for July’s Patch Tuesday, Qualys CTO Wolfgang Kandek believes the vulnerability is set to be addressed.

High priority

“This bulletin will be the highest priority for users, at least for those who did not apply Microsoft’s FixIt supplied in the advisory,” he said in a blog post.

Microsoft has listed two other bulletins rated critical, and will seek to address 16 vulnerabilities in total. Many of those relate to remote code execution threats.

“Bulletin 2 is for Internet Explorer (IE), and is a bit of a surprise as it breaks the usual cycle of supplying an update for IE every two months. The bulletin only applies to IE9 and is thus limited to Vista and above. Bulletin 3 is ‘critical’ for all desktop operating systems, XP, Vista and Windows 7; for all others it is rated only ‘moderate’,” Kandek added.

“From the remaining bulletins all ranked ‘important’, we recommend paying attention to bulletin 4 which affects all versions of Office for Windows. It is a Remote Code Execution vulnerability and is ranked ‘important’ because it requires the targeted user to open a malicious file.

“We typically consider ‘important’ bulletins for Office as almost the same severity level as ‘critical’; after all, these document-based attack campaigns are usually quite successful in convincing at least a subset of end users to open the malicious document.”

View the entire advance notification from Microsoft here.
