Microsoft has released Security Advisory 2719615 to address a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted web pages using Internet Explorer. According to the advisory, this vulnerability is currently being exploited in the wild.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2719615. The advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate the risk against known attack vectors.
Update: Additional information regarding CVE-2012-1889 can be found in the US-CERT Technical Alert TA12-174A.
This product is provided subject to this Notification and this Privacy & Use policy.