Microsoft Patch Tuesday Takes Aim At Key XML, IE9 Vulnerabilities


Microsoft has released nine bulletins addressing 16 vulnerabilities in this month's edition of Patch Tuesday. Three of the bulletins are rated critical, while the remainders are listed as important.

Arguably the most critical patch is designed to close an XML vulnerability that has been used "in the wild" for the past month and is now being integrated into the Metasploit toolkit and at least one of the popular exploit kits, called Blackhole, according to Wolfgang Kandek, CTO of Qualys.

"This is a really important one if you haven't already applied the temporary fix that Microsoft rolled out last month," he said. "There are four versions of XML that are vulnerable, and only one is being attacked at this point. The temporary fix is aimed at the version under attack, but the patch fixes three of the other vulnerable versions. As long as the attackers do not change their tactics, you should be okay for the short term. But, eventually you will need to install the patch."

[Related: Seven Security Threats Circling Your Network]

At this point, XML version 5 is the one that remains vulnerable.

"By default, XML 5.0 has a bit of mitigation in place because it will prompt the user," explained Marc Maiffret, CTO of BeyondTrust. “So, Microsoft was truly trying to work fast and could not patch everything in time.”

"Version 5 is not a simple drive-by," agreed Jason Miller, manager of research and development at VMware. "Something else will have to happen. But if this does not get patched by this time next month, I think we will start seeing more exploits focusing on that vulnerability."

The second critical bulletin is for Internet Explorer 9, addressing two critical vulnerabilities that can enable remote execution when the user visits a malicious webpage, resulting in full control of the device. This patch should be executed as quickly as possible.

"The vulnerability within IE9 is interesting because Microsoft is always touting IE9 as being the best," said Maiffret. "But in this case, it's the only Web browser affected by this critical vulnerability. This is your classic situation where you browse to a malicious websites and code gets executed on your computer. We are likely to see exploits coming out very shortly."

NEXT: MDAC Vulnerability