
Attacks are already happening, admits Microsoft...
Published: 7 November 2006 09:15 GMT
An "extremely critical" vulnerability has been discovered in Microsoft's XML Core Services, according to several security companies.
The vulnerability, which affects only systems running Internet Explorer, is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control and could be used to seize control of an affected system, according to an advisory from Secunia.
IBM-owned ISS X-Force detailed on its site the kind of damage that could be caused by the vulnerability. According to the security company: "This could lead to loss of confidential information, disruption of business, or further compromise."
For the vulnerability to be exploited, a user would have to visit a malicious website, Secunia said.
Microsoft acknowledged the bug is already being exploited, in a note posted on the company's site. "We are aware of limited attacks that are attempting to use the reported vulnerability," it said.
Got two seconds?
Make your voice heard - take our latest poll.
Some of the software that may be affected includes Windows 2000, Windows XP Service Pack 2 and Windows Server 2003.
People running Windows Server 2003 and 2003 Service Pack 1 in the default configuration with the Enhanced Security Configuration turned on aren't affected, Microsoft said.
The software behemoth said it will determine, based on "customer needs", whether to release a patch during the company's monthly release process or an "out-of-cycle security update".
Microsoft's next patch release day is 14 November.
Greg Sandoval writes for CNET News.com
Title: Web Applications Vulnerability Tester / Penetration Tester Salary: market rates but probably 40k to 60k Company: online / ecommerce company ...
Upgrade provisioning Security patch management Application and Server Role delivery Configuration Management Advanced inventory and management ...
DCA is dedicated team for Patch installation management, HealthChecks, Vulnerability scans, Antivirus administration and Service Activation and ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Clive Longbottom Windows 7: Not perfect - but ready for prime time Microsoft's latest OS fixes most of Vista's ills - but still has challenges ahead
Stephen Kleynhans Mind the details with Windows 7 Just because it might work better than Vista, it doesn't mean you can be sloppy