Microsoft has confirmed it is investigating a security
bug described by independent security experts as “extremely
critical” in XML Core Services on Windows.
The company said it was aware of “limited attacks” that were
attempting to exploit the vulnerability.
Security firm Secunia warned that hackers could exploit the
“extremely critical” flaw in the XMLHTTP 4.0 ActiveX Control of XML
Core Services to compromise a user’s system and execute arbitrary
code.
Microsoft said exploitation of the flaw relied on attackers
luring users to malicious websites. Users running Windows Server
2003 and Windows Server 2003 Service Pack 1 in their default
configurations, with the Enhanced Security Configuration switched
on, would not be affected.
The software giant said it would “take appropriate action”
following its investigation. A security update would be issued
either through Microsoft’s monthly patching cycle, or through an
out-of-cycle update.