Microsoft zero-day flaw being exploited in the wild, warns SophosLabs

A zero-day vulnerability in Microsoft XML Core Services that could allow a remote code execution if a user views a malicious website using Internet Explorer is being exploited in the wild, according to SophosLabs.

In a Naked Security blog, Paul Baccas, senior threat researcher at SophosLabs UK, said that the lab has detected an exploitation of the vulnerability on a website of a European medical company.

The vulnerability was identified by Microsoft in an out-of-band security advisory issued last week.

In the advisory, Microsoft warned that “vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.”

The advisory said the vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007, Microsoft said in the advisory.

“An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights”, the advisory explained.

Microsoft has yet to issue a patch for the vulnerability, but has offered a Fix It solution. Yunsun Wee, director, Microsoft Trustworthy Computing, said: "Microsoft recommends that customers apply the Fix it available in Security Advisory 2719615; as well as the Enhanced Mitigation Experience Toolkit, to block the potential attack vector in Internet Explorer. Once the security update addressing this issue is prepared and thoroughly tested, we will release it as appropriate."