Microsoft said on Tuesday that it is aware of active attacks against a critical XML vulnerability in Windows. The vulnerability, affecting all supported versions of Windows and Office 2003 / 2007, allows hackers to remotely execute code if a user visits a malicious site using Internet Explorer. Google’s Security Team discovered the flaw in Microsoft’s XML component and reported it to the company on May 30th.
Microsoft warns of actively exploited Windows XML vulnerability discovered by Google’s Security Team
Microsoft is warning of an actively exploited vulnerability that affects all supported versions of Windows, discovered by Google’s Security Team.
Microsoft is warning of an actively exploited vulnerability that affects all supported versions of Windows, discovered by Google’s Security Team.
is a senior correspondent and author of Notepad, who has been covering all things Microsoft, PC, and tech for over 20 years.
“Microsoft has been responsive to the issue and has been working with us,” says Google’s Andrew Lyons, explaining that the attacks use malicious web pages and Office documents. Microsoft says it is currently investigating the vulnerability and may issue an out-of-cycle security update if required. For now, the company has issued a Fix It workaround solution intended to block the attack vector for the vulnerability.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
