

Microsoft Patch Tuesday Takes Aim At Key XML, IE9 Vulnerabilities

By Ken Presti
July 10, 2012    5:38 PM ET


Microsoft has released nine bulletins addressing 16 vulnerabilities in this month's edition of Patch Tuesday. Three of the bulletins are rated critical, while the remainder are rated important.

Arguably the most critical patch is designed to close an XML vulnerability that has been used "in the wild" for the past month and is now being integrated into the Metasploit toolkit and at least one of the popular exploit kits, called Blackhole, according to Wolfgang Kandek, CTO of Qualys.

"This is a really important one if you haven't already applied the temporary fix that Microsoft rolled out last month," he said. "There are four versions of XML that are vulnerable, and only one is being attacked at this point. The temporary fix is aimed at the version under attack, but the patch fixes three of the other vulnerable versions. As long as the attackers do not change their tactics, you should be okay for the short term. But, eventually you will need to install the patch."


At this point, XML version 5 is the one that remains vulnerable.

"By default, XML 5.0 has a bit of mitigation in place because it will prompt the user," explained Marc Maiffret, CTO of BeyondTrust. "So, Microsoft was truly trying to work fast and could not patch everything in time."

"Version 5 is not a simple drive-by," agreed Jason Miller, manager of research and development at VMware. "Something else will have to happen. But if this does not get patched by this time next month, I think we will start seeing more exploits focusing on that vulnerability."

The second critical bulletin is for Internet Explorer 9. It addresses two critical vulnerabilities that can enable remote code execution when the user visits a malicious webpage, giving the attacker full control of the device. This patch should be applied as quickly as possible.

"The vulnerability within IE9 is interesting because Microsoft is always touting IE9 as being the best," said Maiffret. "But in this case, it's the only Web browser affected by this critical vulnerability. This is your classic situation where you browse to a malicious website and code gets executed on your computer. We are likely to see exploits coming out very shortly."
