Microsoft's XML 0-day fix expected in July Patch Tuesday Microsoft is planning to release nine bulletins, three critical, as part of the July edition of its Patch Tuesday monthly update cycle. One of the three crucial advisories is expected* to offer patches for a serious XML Core Services vulnerability, disclosed but not fixed in June’s Patch Tuesday. This vulnerability has been …
An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
[broken-record] Running as a non-admin would prevent anything exploiting this from breaking the OS. [/broken-record]
(I want to see a "nothing to see here, move along" icon.)
..all your Corporate Drone User Files (think weapons blueprints) might be shipped to Moldavia. Or Shenzen. Or Pyongyang.
Yeah, sandboxing should catch it, but only if there is a sandbox involved. Is your MS Office OOXML parser sandboxed ?? Not ? You better use a different account to view any external *docx or *xlsx.
What ? You braindead corpo policy forbids more than one account per drone ? Sorry, you and your files are stuffed.
It seems to have re-appeared on my Windows Update, but I haven't installed it. Given recent developments, how do I know it isn't teh vvrus?
In other news, my flaky Dell Latitude ST seems to be even flakier since I installed Opera 12.00. I've decided to run any novel web sites in Firefox instead. Teh Register seems to be able to make Opera crash my Dell. Maybe the new plugin handler...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
