Microsoft XML Core Services vulnerability to be patched on July 10
July 6, 2012
On July 2, 2012, I published an article detailing a vulnerability in Microsoft's XML Core Services that is being exploited in the wild. A Fix It Tool link was given to use as a workaround until an official patch can be released. That patch is to be released through Windows Update Services on Patch Tuesday, July 10, 2012.
The exact details are yet to be announced, as to any additional files or Registry settings that will be changed when the official patch is released, compared to the Fit It Tool modifications. If you have applied the Fix It Tool, continue to use it until Tuesday afternoon at the equivalent of about 2 PM Eastern Time, July 10. If you downloaded the second, unFix It Tool, run it on the 10th to reverse the changes. If you did not download the unFix It tool, go to the Microsoft Advisory KB2719615 page and see if they left the two Fix It buttons on the page. If so, use the button on the right, under "Disable" (#50898), to download and run the Fix It Tool that reverses the changes.
Note: The Fix It Tools are .msi files which require Administrator level credentials. You will have to answer a UAC challenge (under Windows 7, Server 2008+ and Vista) to proceed and you may need to provide an Administrator password, depending on what type of user account you are logged into. XP users will need to log into an Administrator level account, because "Run As" doesn't usually appear for .msi file types (unless you have hacked your Registry).
After running the aforementioned unFix Tool, go directly to Windows Updates and download all applicable patches for your Windows computers. Doing this immediately minimizes your exposure to an attacks targeting the XML Core Services. This is especially so because many people use Internet Explorer to visit the Windows Update site and Internet Explorer is the main conduit for the XML vulnerability being exploited in the BlackHole Exploit Kit.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.