Microsoft has released a security advisory as well a “FIX-IT” and workaround instructions to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability, if not addressed, could allow an attacker to execute arbitrary code when a user visits a maliciously crafted web page using Internet Explorer. Microsoft reports that this vulnerability is being exploited in the wild.
The IT Security Office advises those affected to follow the instructions in the linked documents below “Additional Information”.
Security Bulletin Names:
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.