Tuesday, November 14, 2006

Microsoft XML Bug

Microsoft has issued a Security Advisory about a bug in the XMLHTTP 4.0 ActiveX Control. This control is part of Microsoft XML Core Services 4.0 on Windows, which should be present on Windows 2000, Windows XP, and Windows Server 2003 computers, even if the users don't know it. However, Windows Server 2003 users running with Enhanced Security Configuration on will not be vulnerable. An attack could be mounted if you browse to a maliciously designed page, resulting in hostile code running on your computer. Microsoft is working on a patch which will be coming in a future Patch Tuesday. Read the details at http://www.microsoft.com/technet/security/advisory/927892.mspx.