Recent reports revealed that an unpatched flaw in Microsoft XML had been exploited by hackers through Internet Explorer. Microsoft revealed the details of the MSXML vulnerability on June 12, 2012, when it released its patches for the month. While the company offered a workaround for the flaw, it did not provide an actual fix. If you have applied only the latest patches released by Microsoft but have not implemented the workarounds it has provided, you should do so immediately.
According to security experts, this flaw in Microsoft's Core XML Services is a critical threat because it can easily be exploited through Microsoft's Internet Explorer web browser. The vulnerability in MSXML apparently allows hackers to infect hundreds of thousands of systems with malware, which is usually planted on compromised websites. Whether your system becomes infected depends on whether you visit a website that carries the malware. The bad news is that there is no way to know which websites are compromised and which are not.
As MSXML is used in all native Windows applications, exploitation of the latest vulnerability can affect all releases of Windows and the Microsoft Office 2003 and 2007 versions. Even if you are an IT professional and have attended XML training courses, you cannot prevent a hacker from injecting malware into your system if you are not careful. If your system is compromised, the hacker can gain full access rights to it.
Until the patch for this flaw is released, you must implement the workaround to stay safe. A few security vendors have also upgraded their software to detect such malicious software. However, this means that you may have to shell out a good amount for that software to stay safe, or hope that Microsoft releases the patch as soon as possible.
Link: https://www.pcworld.com/article/258177/attackers_exploit_unpatched_windows_xml_flaw.html