Microsoft has released a security advisory as well a “FIX-IT” and workaround instructions to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability, if not addressed, could allow an attacker to execute arbitrary code when a user visits a maliciously crafted web page using Internet Explorer. Microsoft reports that this vulnerability is being exploited in the wild.
The IT Security Office advises those affected to follow the instructions in the linked documents below “Additional Information”.
Security Bulletin Names: