A Fix It solution that disables Windows Sidebar and Gadgets has also been made available

Jul 11, 2012 06:50 GMT

With the release of the July 2012 security bulletins, Microsoft has addressed a number of serious issues, but the most important of them is most likely the vulnerability in XML Core Services.

The security hole, which uses Internet Explorer as an attack vector, has been exploited in the wild. As a result, the Redmond company has made available a Fix It solution to protect customers until the release of a more permanent patch.

The critical-severity flaw in XML Core Services 3.0, 4.0, and 6.0, which an attacker can leverage to remotely execute malicious code, affects all supported versions of the Windows operating system.

Microsoft Office 2003 and 2007 customers who rely on XML Core Services 5.0 are also affected by this vulnerability. However, the testing process for the XML Core Services 5.0 updates is not yet complete.

Until a permanent patch is released for XML Core Services 5.0, a Fix It solution has been made available.

“The attacks Microsoft has seen do not target XML Core Services 5.0. In the default configurations of Internet Explorer 7, 8 and 9, an attack against XML Core Services 5.0 would require the user to manually enable the control by clicking the Allow button on the Internet Explorer gold bar,” Cristian Craioveanu of MSRC Engineering said.

Another Fix It that has been released with the July 2012 security bulletins is designed to disable Windows Sidebar and Gadgets on supported editions of Vista and 7.

This should protect users from security holes that can be leveraged when the Windows Sidebar runs insecure Gadgets.

The company warns customers to be extra cautious when installing Gadgets from untrusted sources since they might contain vulnerabilities that allow an attacker to execute arbitrary code and even take complete control of a computer if the victim is logged in with administrative privileges.

Windows users are advised to deploy the updates from the latest security bulletins as soon as possible to protect themselves and their digital assets.