A Vulnerability in Microsoft XML


This article discusses a flaw in Microsoft XML that can allow attackers to gain access to a system. The vulnerability is known to affect all versions of the Microsoft OS and other popular supported programs such as Microsoft Office 2003 and 2007. It can be exploited simply by loading a malicious web page, but most users have been taught not to click on suspicious links. One way attackers get around this is to take over a well-known site that many users already visit. Experts say one European medical site was hijacked and implanted with corrupted code exploiting the XML flaw. Although Microsoft gave advice on how to reduce the risk of the flaw, it has not released an update to cover this exploit. The author goes on to discuss how to protect yourself, such as making sure your security software's definitions are up to date and using the Fix-it tool from Microsoft, which will implement measures to block the site the vulnerability is at.

I felt this article was related to our topic because we began going over XML this week. I felt this article was relevant as I saw a couple of other articles discussing this same flaw and how Microsoft has not included a patch in their recent updates. It seems like this flaw has been noticed for a while now, as attackers are finding new ways to upload their malicious code to exploit this XML flaw.

Ripley, C. (2012, June). Attackers Exploit Unpatched Windows XML Flaw. http://www.pcworld.com/article/258177/attackers_exploit_unpatched_windows_xml_flaw.html