New bug found in Microsoft's Core Services

An "extremely critical" vulnerability has been discovered in Microsoft's XML Core Services, according to several security firms.

The vulnerability, caused by an unspecified error in the XMLHTTP 4.0 ActiveX Control, could be used to seize control of an affected system, according to note posted on Secunia, a security company based in Denmark.

IBM-owned ISS X-Force detailed on its site the kind of damage that could be caused by the vulnerability.

"This could lead to loss of confidential information, disruption of business, or further compromise," according to the security firm.
Read more...