IE Flaw: Microsoft XML Vulnerability

Microsoft's Patch Tuesday (the designated day each month on which Microsoft fixes security issues) disclosed a critical vulnerability in Microsoft XML (MSXML) Core Services 3.0, 4.0, 5.0 and 6.0 that could allow remote code execution when a user views a specially crafted web site with Internet Explorer.

MSXML Core Services provide W3C-compliant APIs that allow developers to use JavaScript, VBScript and Microsoft development tools to build XML 1.0 applications.

The vulnerability is exposed when MSXML accesses an object in memory that has not been initialized, leading to memory corruption such that an attacker could execute arbitrary code in the context of the logged-in user.

Although the vulnerability can only be exploited if a user visits an infected web site, the likelihood of users being tricked into visiting such sites is very high, given the prevalence of social networking, email and other messaging platforms through which such phishing can be perpetrated.

Patch Tuesday has, however, afforded a temporary fix, now available for download on the Microsoft support website, TechNet.

IE is perhaps saddled with a history of security flaws, which were also responsible for the earlier Gmail hacks originating from China. And, given the current trend of state-sponsored cyber attacks, Google recently launched a notification service to alert users of suspicious activity on their accounts.

Microsoft will indeed have to work out a thorough security system for its browser, Internet Explorer, in view of the growing browser wars.