Microsoft is investigating public reports of a remote code execution vulnerability in supported editions of Windows XP and Windows Server 2003 with Windows Internet Explorer 7 installed. We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time. Microsoft is investigating the public reports....
This week we became aware of publicly disclosed exploit code being used in limited attacks on customers. This change in the threat landscape has prompted us to update last week’s Security Advisory 943521 and triggered our Software Security Incident Response Plan (SSIRP).
Third party applications are currently being used as the vector for attack and customers who have applied the security updates available from these vendors are currently protected. However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability – they just close an attack vector...
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Help
Back to top
