
Microsoft Patch Tuesday To Fix Zero-Day XML Flaw

This month’s Microsoft Patch Tuesday should see the software giant offer a proper fix for a zero-day Internet Explorer flaw that has been actively exploited in the wild.

Attack code for the CVE-2012-1889 flaw, which affects the Microsoft XML component in Internet Explorer, was published earlier this month. The vulnerability could allow remote code execution if a user visits a specially crafted webpage in Internet Explorer, and researchers have seen attempts to spread malware by injecting malicious iframes into websites.

Security firm VUPEN told TechWeekEurope it had created a proof-of-concept showing that the attack code could be twisted so it affects all versions of Windows and bypasses various protections.

But, having viewed Microsoft’s advisory for July’s Patch Tuesday, Qualys CTO Wolfgang Kandek believes the vulnerability is set to be addressed.

High priority

“This bulletin will be the highest priority for users, at least for those who did not apply Microsoft’s FixIt supplied in the advisory,” he said in a blog post.

Microsoft has listed two other bulletins rated critical, and will seek to address 16 vulnerabilities in total. Many of those relate to remote code execution threats.

“Bulletin 2 is for Internet Explorer (IE), and is a bit of a surprise as it breaks the usual cycle of supplying an update for IE every two months. The bulletin only applies to IE9 and is thus limited to Vista and above. Bulletin 3 is ‘critical’ for all desktop operating systems, XP, Vista and Windows 7; for all others it is rated only ‘moderate’,” Kandek added.

“From the remaining bulletins all ranked ‘important’, we recommend paying attention to bulletin 4 which affects all versions of Office for Windows. It is a Remote Code Execution vulnerability and is ranked ‘important’ because it requires the targeted user to open a malicious file.

“We typically consider ‘important’ bulletins for Office as almost the same severity level as ‘critical’; after all, these document-based attack campaigns are usually quite successful in convincing at least a subset of end users to open the malicious document.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
