Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Information Disclosure Vulnerability in Microsoft XML Core Services

 

Systems Affected


Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit & x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit & x64-based Systems Service Pack 1 Security Only
Windows 7 for 32-bit & x64-based Systems Service Pack 1Monthly Rollup
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Monthly Rollup
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1Security Only
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 Monthly Rollup
Windows 8.1 for 32-bit & x64-based Systems Security Only
Windows 8.1 for 32-bit & x64-based Systems Monthly Rollup
Windows Server 2012 & 2012 R2 Security Only
Windows Server 2012 & 2012 R2 Monthly Rollup
Windows RT 8.1 Monthly Rollup
Windows 10 for 32-bit & x64-based Systems
Windows 10 Version 1511 for 32-bit & x64-based Systems
Windows 10 Version 1607 for 32-bit & x64-based Systems
Windows Server 2016 for x64-based Systems
Windows Server 2008 for 32-bit & x64-based Systems Service Pack 2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2012 & 2012 R2 (Server Core installation) Security Only
Windows Server 2012 & 2012 R2 (Server Core installation) Monthly Rollup
Windows Server 2016 for x64-based Systems (Server Core installation)

Threat Level


High


Overview


Vulnerability has been reported in Microsoft XML Core Services, which could be exploited by a remote attacker to gain access to sensitive information on a targeted system.


Description


Information Disclosure vulnerability exists in Microsoft XML Core Services, due to improper handling of memory objects. A remote attacker could exploit this vulnerability by enticing a user to visit a specially crafted webpage that will trigger an object memory flaw in MSXML.

Successful exploitation of this vulnerability could allow the remote attacker to gain access to sensitive information that may lead to further attacks.


Impact



Solution/ Workarounds


Apply appropriate update as mentioned in the Microsoft Security Bulletin

https://technet.microsoft.com/library/security/MS17-022


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.