News

Microsoft closes zero-day XML leak

By admin
Spread the love

Microsoft has released a patch for a critical security vulnerability in the XML Core Services with version numbers 3.0 through 6.0. This security hole was actively exploited by hackers to gain access to Gmail accounts.

Google tipped Microsoft on May 30, according to ZDNet, that the vulnerability was being actively exploited to hack into Gmail accounts. The company then also began warning users if it suspected they were being targeted by government hacks that exploited the vulnerability. Microsoft then made the vulnerability public on June 13 and released a workaround that disabled the XML component. Users could resort to this method until a patch was available. While Microsoft normally only releases updates for Internet Explorer every two months, and another update for the browser was made available last month, the vulnerability was so critical that it was rolled out Tuesday as part of “patch tuesday.”

The vulnerability concerns a vulnerability in the Microsoft XML Core Services with version numbers 3.0, 4.0, 5.0 and 6.0, which are standard part of Windows and Office 2003 and 2007. Office 2010 does not contain the vulnerability, Microsoft describes. The vulnerability allowed attackers to remotely execute code on a system without user consent. It was enough to have the user visit a custom website with Internet Explorer, which could then run the code.

You might also like
News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

‘Microsoft wants to postpone deadline for Activision Blizzard…

News

Rumor: EU starts investigation into Microsoft for including Teams with Office

Exit mobile version