Security Advisory for Microsoft XML

Last Updated: 06/14/2012

Security Notice Level

SEVERE

Microsoft has released a security advisory as well a “FIX-IT” and workaround instructions to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability, if not addressed, could allow an attacker to execute arbitrary code when a user visits a maliciously crafted web page using Internet Explorer. Microsoft reports that this vulnerability is being exploited in the wild.

The IT Security Office advises those affected to follow the instructions in the linked documents below “Additional Information”.

Security Bulletin Names:

  • Microsoft Security Advisory (2719615): Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
  • Released: June 12, 2012

Affected Software

  • Microsoft Windows
  • Microsoft Server
  • Microsoft Office 2003 and 2007