Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Attackers Exploit Unpatched Windows XML Flaw
http://www.pcworld.com/article/258177/attackers_exploit_unpatched_windows_xml_flaw.htmlHopefully you’ve applied all of the updates and fixes from Microsoft’s Patch Tuesday by now. But, have you also implemented the workarounds Microsoft published? If not, your system could end up compromised.
While organizations and individuals were busy with the Patch Tuesday security bulletins, Microsoft also released an out-of-band security advisory for a flaw in Microsoft XML Core Services that can allow an attacker to gain control of a vulnerable system from across the Internet. The vulnerability affects all supported versions of Windows, and all supported versions of Office 2003 and Office 2007.
In the security advisory, Microsoft spells out some mitigating factors that may reduce the risk this vulnerability poses for a PC. The flaw can be exploited just by loading a malicious Web page, but there’s no way an attacker can force a user to do so. The attacker has to craft the malicious site, and then convince victims to visit the website somehow in order to compromise their systems.
Most users are conditioned not to click on links in spam email messages, or rogue instant messaging threads from strangers. But, attackers have another trick at their disposal—compromise a legitimate website that victims are already visiting of their own accord.
