New Exploit Targets Microsoft XML Core Services
“The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user,” Microsoft's security advisory site stated.
“This is very consistent with cross browser and man-in-the-browser attacks that leverage the browser as the point of entry into the operating system,” said Tom Kellermann, vice president of cyber security for Trend Micro. “The Web 3.0 environment, with mobile devices and the cloud, is fundamentally dependent upon the browser experience. In 2012, the dependence upon the browser is much stronger than it would have been five years ago. So we can expect to see a lot of these types of attacks.”
Kellermann also noted that the latest string of malware attacks comes on the heels of Microsoft Patch Tuesday, though he added it’s impossible to know whether the hackers were deliberately waiting for that event to pass.
Microsoft, Trend Micro, and other vendors are distributing stop-gap measures that can be put into place until a permanent patch is finalized.
“We have developed a virtual shield to defend our user base against this exploit,” Kellermann told CRN. “We developed this through our network of over 100 million nodes from which we can draw information. So we know within minutes of a new attack that's taking place in the wild. Within hours we can build a virtual shield to combat against this sort of thing. This is a zero-day phenomenon. Nobody saw this coming.”
Microsoft continues to engage partners in its Active Protections Program to investigate the outbreak and its effect in order to determine an appropriate solution. Meanwhile, a Microsoft “Fix it” solution is also available to block the attack vector while the patch is developed. The company encourages customers to apply the temporary solution as soon as possible.