Home
Resources
Training
About Us
eStore

>

resources > bulletins > MS06-071

 

 

 

 

 

 

 

Latest Blog: Log monitoring and the Terry Childs/City of San Francisco debacle

  

Microsoft Security Bulletin MS06-071 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)

This critical and public vulnerability in XML  Core Services 4.0 and 6.0 is being exploited in ongoing attacks to execute arbitrary code on a victim’s computer through malicious web or email based XML content.  I recommend immediately setting the kill bit on the XMLHTTP ActiveX control for systems with 4.0 or 6.0 installed or installing the patch as soon as possible.  You can use my free KillBits ADM template to automate this through group policy.  No complete list of applications that install XML  Core Services 4.0 and 6.0 is available so you should probably assume that your systems are vulnerable. 

Get this valuable commentary each month as soon as Microsoft releases security updates!

Free log parser scripts, a clear explanation of Microsoft's latest security bulletin, helpful security tips, how-to's and more.

Email address:
 

Newsletter archive
Your e-mail address will be held strictly confidential and you can unsubscribe at any time.


Upcoming Webinars by Randy Franklin Smith

IT Audit: Understanding Active Directory Structure and How It Makes Auditing AD Different

Security Log Secrets: Auditing Unauthorized, Unrecognized Software

Filling the Gap in Windows Configuration Baselining


Additional Links

A
D
V

NEW! GFI EventsManager 8 Extends Event Management Capabilities. Find Out More.

Get Randy's Security Log Resource Kit


Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2007 Monterey Technology Group, All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.

Site Map