Microsoft to patch zero-day exploit among five others

By Justin Mann on November 9, 2006, 3:44 PM
The flaw we heard about a few days ago regarding XML Core Services will be patched by Microsoft during the monthly patching cycle. Even though the scope of the flaw is fairly low, it is serious enough to earn a “critical” rating, along with 5 other fixes that are planned for this release. The flaw was discovered just a few days ago, and doesn't affect home users of Windows, targeting only Windows Server 2003 in specific configurations. Secunia reported on the vulnerability, saying that it is being actively exploited by hackers. Even though it is of that serious a nature, Microsoft still is committed only to releasing patches on their set date.




User Comments: 2

Got something to say? Post a comment
9Nails said:
Each patch seems to release a new batch of infections. I wish there was some way to prevent this patch Tuesdays and attack of the script kiddies Wednesdays.
ThomasNews said:
"The flaw was discovered just a few days ago". Errm, not exactly.[url]http://secunia.com/blog/2/[/url];"On Monday 30th October, Secunia published an advisory describing a vulnerability in IE7, which appears to be a legacy from IE6 - and which back in 2004 turned out to affect virtually every single browser on the market... In 2004 the organisations behind Firefox, Netscape, Opera, Konqueror, OmniWeb, and Safari all confirmed the "Windows Injection" issue to be avulnerability and subsequently issued fixes for this issue... Microsoft writes in their blog that they didn't consider this to be a vulnerability back in 2004 because it potentially could break functionality on websites!... We believe that Microsoft ought to take responsibility for the bugs, weaknesses, and vulnerabilities in their browser to ensure that it really protects against phishing and similar scam attacks - isn't this what Microsoft advertises that IE7 does better than it's predecessors?"[url]http://blogs.technet.com/msrc/archive/200
/10/31/information-on-address-bar-issue.aspx[/url];"The newly reported issue is actually a repeat of an issue reported in 2004."[Edited by ThomasNews on 2006-11-10 13:52:58]
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.