MS13-002 - Critical : Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Executi

News

Extraordinary Robot
News Feed
#1
Severity Rating: Critical
Revision Note: V1.1 (January 8, 2013): Corrected download links for Microsoft XML Core Services 3.0 on Windows Server 2003 with SP2 for Itanium-based Systems and for Microsoft XML Core Services 6.0 when installed on Windows Server 2003 with SP2 for Itanium-based Systems. Added Server Core installation entries to Affected Software for Microsoft XML Core Services 4.0 when installed on Windows Server 2008 for 32-bit Systems Service Pack 2 and Microsoft XML Core Services 6.0 on Windows Server 2008 for 32-bit Systems Service Pack 2. These are informational changes only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves two privately reported vulnerabilities in Microsoft XML Core Services. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.

More...
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top