CVE2012-1889: MSXML use-after-free vulnerability

N_J

Emeritus, Contributor
Joined
Apr 14, 2012
Posts
207
As soon as Microsoft had released patches for security bulletin MS12-037 (which patched 13 vulnerabilities for Internet Explorer) Google published information (Microsoft XML vulnerability under active exploitation) about a new zero-day vulnerability (CVE-2012-1889) in Microsoft XML Core Services. Sometimes vulnerabilities are discovered at a rate that outpaces the patching process and so a temporary fix is needed. That is what Microsoft has provided in this case: a ‘Fix it’ patch. We recommend that you install the patch because exploits for the vulnerability are already in the wild....


Source.....
http://blog.eset.com/2012/06/20/cve2012-1889-msxml-use-after-free-vulnerability


Patches can be downloaded here:
http://blogs.technet.com/b/srd/archive/2012/06/13/msxml-fix-it-before-fixing-it.aspx
 
I suggest that you save both files so that you can disable the solution prior to installing the update when it is released.
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top