Though we were notified last week that there was a problem with Microsoft’s XML implementation, news broke this weekend that it is now being actively exploited.
In response, Microsoft has released an emergency fix. This is not a patch, but rather a tool that temporarily hardens a workstation against an XML attack. Microsoft does this to help limit attacks while it works with vendors in the Microsoft Active Protections Program (MAPP) to build more robust detection and prevention capabilities to protect unpatched systems. Then, when the patches do come out, the problem will be considered officially resolved. Patches should be out by July 10th, if not sooner.
So, what should you do?
First, if you are running Sophos, Sourcefire or Alert Logic technology, trust your vendor. They are all in the MAPP and so will have decent protections soon. If, however, you are using a vendor that is not in the program, you should apply the fix to all Windows workstations that use Internet Explorer to browse the web. The fix is available here. Just scroll down and click on the button under “Apply.” When the patches are available, deploy them as soon as possible.
For more details, please see Microsoft’s security advisory.