New critical vulnerability used to install malware

A new, extremely critical vulnerability has been discovered in Microsoft XML Core Services. The flaw can be exploited to execute malicious code remotely, i.e. to secretly install harmful parasites without user consent. Unfortunately, an exploit already exists, and all you have to do to get infected is visit a web page hosting it.

The latest flaw, known as the XMLHTTP vulnerability, is caused by an unspecified error in the XMLHTTP 4.0 ActiveX control, which is part of Microsoft XML Core Services 4.0, included in products like Microsoft Visual Studio. This control is not a default component of Microsoft Windows XP or Internet Explorer, but it is installed along with some other applications that need it to work properly.

According to security experts, an exploit is circulating on the Internet, and hackers have begun using it on malware-distributing sites. The exploit appears to be quite buggy and sometimes doesn't work as intended. However, it still poses a great risk, since both Internet Explorer 6 and Internet Explorer 7 are affected: each web browser supports ActiveX.

Microsoft has confirmed the flaw but has not released a patch yet. Only a security advisory is available. It describes the vulnerability and provides tested workarounds. The most recommended workaround is setting the kill bit for the XMLHTTP 4.0 ActiveX control in the registry.

To set the kill bit for a CLSID with a value of {88d969c5-f192-11d4-a65f-0040963251e5}, paste the following text into a text editor such as Notepad. Then save the file using the .reg file name extension.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{88d969c5-f192-11d4-a65f-0040963251e5}]
"Compatibility Flags"=dword:00000400

You can apply this .reg file to individual systems by double-clicking it.
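
To confirm the workaround took effect, the script below reads the same registry value the .reg file writes and tests the 0x400 bit. It is an added example, not taken from the Microsoft advisory or from this article: the function names are hypothetical, and checking the Wow6432Node path (the 32-bit registry view on 64-bit Windows) goes beyond the single key shown above.

```powershell
# Added example: audit (and optionally set) the kill bit for the CLSID named in the article.
# Function names are illustrative, not from the Microsoft advisory.
$KillBit = 0x400   # bit in "Compatibility Flags" that stops IE from instantiating the control

function Get-KillBitState {
    param([string]$Clsid = '{88d969c5-f192-11d4-a65f-0040963251e5}')
    # Native view, plus the 32-bit view that 32-bit Internet Explorer reads on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # view absent on 32-bit systems
        $key   = Join-Path $root $Clsid
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $prop  = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            $flags = $prop.'Compatibility Flags'
        }
        [pscustomobject]@{
            Key     = $key
            Flags   = $flags
            Blocked = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

function Set-KillBit {
    # Requires an elevated (administrator) session because it writes under HKLM.
    param([string]$Clsid = '{88d969c5-f192-11d4-a65f-0040963251e5}')
    foreach ($state in Get-KillBitState -Clsid $Clsid) {
        if ($state.Blocked) { continue }
        if (-not (Test-Path -LiteralPath $state.Key)) {
            New-Item -Path $state.Key -Force | Out-Null
        }
        # OR the bit in so any compatibility flags already present are preserved.
        $new = $state.Flags -bor $KillBit
        New-ItemProperty -LiteralPath $state.Key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null
    }
}

# Report the current state for every registry view present on this machine.
Get-KillBitState | Format-Table -AutoSize
```

A row with Blocked = False, or no Flags value at all, means that registry view still allows the control to load.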

