In one of our reports, earlier this month it had been revealed that Google would begin issuing prompt warnings atop the pages of those users, who they believe may become The target of state-sponsored attacks. This move by the search giant is part of their activity involving looking out for malicious activity on the web and taking appropriate actions. And now, a security glitch in Internet Explorer is causing some Gmail users to get messages warning them that they may be the target of a suspected state-sponsored attack.
In their advisory, Microsoft writes, “Microsoft is aware of active attacks that leverage a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer.” Explaining this further, Microsoft writes in its advisory that an attacker cannot force users to visit such a website, and instead he will have convince a user to visit the website by tricking them into it – by “getting them to click a link in an email message or Instant Messenger message that takes them to the attacker's website.”
A security glitch triggering warning messages
Microsoft has in their advisory revealed that the vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007. “The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user,” the advisory noted further. Once done with their investigation, Microsoft assures of action to help protect their customers, and some of these measures may include – providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
To know more of the issue, as well as the list of affected software, click here.