{"id":1215,"date":"2012-06-27T17:15:49","date_gmt":"2012-06-27T17:15:49","guid":{"rendered":"http:\/\/www.camcert.gov.kh\/?p=1215"},"modified":"2012-06-27T17:18:18","modified_gmt":"2012-06-27T17:18:18","slug":"camsa12-13-critical-vulnerability-in-microsoft-xml-core-services","status":"publish","type":"post","link":"https:\/\/www.camcert.gov.kh\/en\/camsa12-13-critical-vulnerability-in-microsoft-xml-core-services\/","title":{"rendered":"CamSA12-13: Critical Vulnerability in Microsoft XML Core Services"},"content":{"rendered":"<p><strong>I. Overview<\/strong><\/p>\n<p>A critical vulnerability has been identified in the Microsoft XML Core Services. The vulnerability, if successfully exploited will cause the application to crash and could potentially allow an attacker to take control of the affected system.<\/p>\n<p>The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user.<\/p>\n<p>Essentially, an attacker can trick users into clicking on a URL that will direct the users to a specially crafted web page containing the exploit.<\/p>\n<p><strong>II. Effected System<\/strong><\/p>\n<p>Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 are affected. Microsoft Internet Explorer, Microsoft Office 2003, and Microsoft Office 2007 are affected due to their use of XML Core Services.<\/p>\n<p><strong>III. Solutions<\/strong><\/p>\n<p>As of June 22, 2012, a comprehensive update is not available. Consider the following workarounds.<\/p>\n<p><strong>Apply Fix it<\/strong><\/p>\n<p>Apply the Fix it solution described in Microsoft Knowledge Base Article\u00a0<a href=\"http:\/\/support.microsoft.com\/kb\/2719615\">2719615<\/a>. This solution uses the\u00a0<a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/bb432182(v=VS.85).aspx\">Application Compatibility Database<\/a>\u00a0feature to make runtime modifications to XML Core Services to patch the vulnerability.<\/p>\n<p><strong>Disable scripting<\/strong><\/p>\n<p>Configure Internet Explorer to disable Active Scripting in the Internet\u00a0 and Local intranet zones as described in Microsoft Security Advisory (<a href=\"https:\/\/technet.microsoft.com\/en-us\/security\/advisory\/2719615#section10\">2719615<\/a>).<\/p>\n<p><strong>Use the Enhanced Mitigation Experience Toolkit (EMET<\/strong>)<\/p>\n<p>EMET is a utility to configure Windows runtime mitigation features such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Structured Exception Handler Overwrite Protection (SEHOP). These features, particularly the combination of system-wide DEP and ASLR, make it more difficult for an attacker to successfully exploit a vulnerability. Configure EMET for Internet Explorer as described in Microsoft Security Advisory (<a href=\"https:\/\/technet.microsoft.com\/en-us\/security\/advisory\/2719615#section9\">2719615<\/a>).<\/p>\n<p><strong>IV. Reference\u00a0<\/strong><\/p>\n<p>&#8211; <a href=\"http:\/\/technet.microsoft.com\/en-us\/security\/advisory\/2719615\" target=\"_blank\">http:\/\/technet.microsoft.com\/en-us\/security\/advisory\/2719615<\/a><\/p>\n<p>&#8211;\u00a0<a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/dd883248%28WS.10%29.aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/dd883248(WS.10).aspx<\/a><\/p>\n<p>&#8211;\u00a0<a href=\"http:\/\/support.microsoft.com\/kb\/2719615\">http:\/\/support.microsoft.com\/kb\/2719615<\/a><\/p>\n<p><strong>V. Contact Information<\/strong><\/p>\n<p>&#8211; Email: office@camcert.gov.kh<\/p>\n<p>&#8211; Tel: (855) 92 335 536 \u2013 (855) 16 888 209<\/p>\n<div>\n<p>[message_box title=&#8221;Disclaimer&#8221; color=&#8221;yellow&#8221;]<\/p>\n<p>The information provided herein is on &#8220;as is&#8221; basis, without warranty of any kind.<\/p>\n<p>[\/message_box]<\/p>\n<\/div>\n"},"excerpt":{"rendered":"<p>I. Overview A critical vulnerability has been identified in the Microsoft XML Core Services. The vulnerability, if successfully exploited will cause the application to crash and could potentially allow an attacker to take control of the affected system. The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1117,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,9],"tags":[63,37,64],"class_list":["post-1215","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-13","category-security-alert","tag-june","tag-security","tag-xml"],"_links":{"self":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/1215","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/comments?post=1215"}],"version-history":[{"count":4,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/1215\/revisions"}],"predecessor-version":[{"id":1221,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/1215\/revisions\/1221"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/media\/1117"}],"wp:attachment":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/media?parent=1215"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/categories?post=1215"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/tags?post=1215"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}