
By Greg Sandoval
Posted on ZDNet News: Nov 7, 2006 12:25:00 AM

An "extremely critical" vulnerability has been discovered in Microsoft's XML Core Services, according to several security companies.

The vulnerability, which affects only systems running Internet Explorer, is caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control and could be used to seize control of an affected system, according to an advisory from Secunia, a security company based in Denmark.

IBM-owned ISS X-Force detailed on its site the kind of damage that could be caused by the vulnerability.

"This could lead to loss of confidential information, disruption of business, or further compromise," according to the security company.

For the vulnerability to be exploited, a user would have to visit a malicious Web site, Secunia said.

In a note posted to the company's site, Microsoft acknowledged that the bug is already being exploited.

"We are aware of limited attacks that are attempting to use the reported vulnerability," Microsoft said.

Some of the software that may be affected includes Windows 2000, Windows XP Service Pack 2 and Windows Server 2003.

People running Windows Server 2003 or Windows Server 2003 Service Pack 1 in the default configuration, with the Enhanced Security Configuration turned on, aren't affected, Microsoft said.

Microsoft will determine, based on "customer needs," whether to release a patch during the company's monthly release process or an "out-of-cycle security update," the company said.

Microsoft's next patch release day is November 14.
