The new bug, which is in an ActiveX component of Microsoft XML Core Services 4.0 -- a service that lets developers use scripting languages such as JavaScript and Visual Basic to access XML documents -- is being put to work now by attackers, Microsoft admitted in a security advisory posted late Friday.
"We are aware of limited attacks that are attempting to use the reported vulnerability," said Ben Richeson, a program manager with the Microsoft Security Response Center, in a blog entry Saturday. "We'll continue to monitor the situation and provide updates should the situation change," Richeson added.
Attack targets new unpatched Windows bug
Posted on Tuesday, November 07 2006 @ 18:26 CET by Thomas De Maesschalck