frame   frame
SANS Logo SANS Homepage SANS Bookstore SANS Reading Room SANS Portal
  border   border  
CDI East 2006
To register for the SANS classes, use brochure code "ISC"
SC Magazine Award
border Handler on Duty: Deborah Hale space 22:30:08 UTC Nov 04 2006, 18:30:08 Nov 04 2006 border  
Handler's Diary: Microsoft Security Advisory (927892)

Handler's Diary November 4th 2006

previous -

Microsoft Security Advisory (927892) (NEW)

Published: 2006-11-04,
Last Updated: 2006-11-04 15:49:30 UTC by Deborah Hale (Version: 1)

Microsoft Security Advisory (927892)

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

Microsoft published an advisory yesterday regarding a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. They indicate in the advisory that they are aware of limited attacks and are investigating the reports further.

According to the advisory "
Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. Customers would need to visit an attacker's Web site to be at risk."

Microsoft Security Advisory

Thanks to Edwin for providing us with this information.

previous -