Unpatched Microsoft XML Core Services flaw increasingly targeted in attacks

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I don't see where in Macro$haft's advisory they mention the
vulnerability (or lack thereof) of any particular version of Internet
Exploiter.

All I see mentioned is "Microsoft XML Core Services" 3,4 and 6 (what
happened to 5?).

I bet that Win-98 running IE6 is not vulnerable to this exploit.

Interestingly, XP-SP3 is listed as vulnerable, along with XP-SP2x64.

But not XP-SP2 (32 bit) ???

Office 2000 is also NOT listed.

Meekro$oft won't release a patch until the NSA gives it the go-ahead to
do so.  This is so that the NSA can leverage the exploit and try to
infect and control as many systems in the middle-east as possible.

===================

Unpatched Microsoft XML Core Services flaw increasingly targeted in
attacks, researchers say

http://www.computerworld.com/s/article/9228301/Unpatched_Microsoft_XML_Core_Services_flaw_increasingly_targeted_in_attacks_researchers_say

Sophos discovers new compromised websites that exploit the CVE-2012-1889
MSXML vulnerability
By Lucian Constantin
June 20, 2012 04:18 PM ET

IDG News Service - An unpatched vulnerability in the Microsoft XML Core
Services (MSXML) is being exploited in attacks launched from compromised
websites to infect computers with malware, according to security
researchers from antivirus vendor Sophos.

One such attack was spotted Wednesday on the website of a European
aeronautical parts supplier that had been hacked, Sophos senior
technology consultant Graham Cluley said in a blog post. It follows a
similar attack detected over the weekend on the compromised website of
an European medical company, he said.

http://nakedsecurity.sophos.com/2012/06/20/aeronautical-state-sponsored-exploit /

Both compromised websites had rogue code injected into them that loaded
an exploit for the CVE-2012-1889 MSXML vulnerability when accessed in
Internet Explorer.

"A hacker who manages to plant malicious code on the website of, say, a
company which supplies aeronautical parts may reasonably predict that
staff at a larger organisation - such as an arms manufacturer or defence
ministry - might have reason to access the site," Cluley said.

The MSXML vulnerability is believed to have been exploited in
state-sponsored attacks against Gmail users earlier this month.
Microsoft issued a security advisory about the flaw on June 12 and
advised customers to apply one of several proposed work-arounds until a
final security patch is released.

http://technet.microsoft.com/en-us/security/advisory/2719615

Exploit code that works on all versions of Internet Explorer on Windows
XP, Vista and 7 has been added to the Metasploit penetration testing
framework. "We expect this vulnerability to grow even more dangerous
since there's no patch, and it's rather easy to trigger," the Metasploit
developers said Monday in a blog post.

Even though a patch is not yet available, Microsoft has released a "Fix
it" solution that prevents the exploitation of this vulnerability in
Internet Explorer. "We strongly suggest that you consider this
workaround - for now," Sophos senior threat researcher Paul Baccas said
in a blog post on Tuesday.

http://support.microsoft.com/kb/2719615

Site Timeline