In addition to this month’s regular batch of security bulletins from Microsoft, the company has also issued a new Security Advisory (2719615) concerning a flaw in a Windows software component called XML Core Services, versions 3.0, 4.0, 5.0, and 6.0. This software component is widely used in Microsoft products; all supported versions of Windows (including Server Core installations), Microsoft Office 2003, and Office 2007 are affected. The vulnerability would allow an attacker to access the target system with the same privileges as the logged-in user, if the user visited a maliciously crafted Web page. (The most likely scenario for a successful attack would involve the user clicking on a malicious link with Internet Explorer.) There is some evidence that this vulnerability (which has been assigned CVE-2012-1889) is being actively exploited.
At this point, Microsoft has not issued a Security Bulletin or patch for the vulnerability. However, it has provided a “FixIt” mitigation that can be applied to block the known attack vector. More information on the mitigation, and download links, are in the corresponding Knowledge Base article (2719615).
Since this vulnerability is, apparently, being exploited, I recommend that you apply the “FixIt” mitigation as soon as you conveniently can; but you should carefully read the Security Advisory and Knowledge Base article first, especially if you are working on a production system. These cheap and cheerful quick fixes have been known to have problems, (Again, this advisory is in addition to the regular monthly patch announcement.) An additional mitigation step, which I recommend on general principles, is to use a browser other than Internet Explorer — specifically, one that does not support Active X, a Microsoft technology which, in my view, is defective by design. (Either Firefox or Google Chrome qualifies.) Avoiding Internet Explorer does not, however, provide complete protection, since the flawed software components are used in other parts of Windows,
I will try to post updates on this vulnerability as more information becomes available