Microsoft is releasing two patches on Tuesday, November 11, to fix some critical security holes in both its operating system, and Microsoft Office.
One has been given a rating of Critical, where XML can be used for Remote Code Execution in both Windows and Microsoft Office, while the other has been labeled as Important, only affecting the Windows operating system itself. Attacks seem to be located in the Windows Extensible Markup Language (XML) Core versions 3.0, 4.0, and 6.0. XML programs are used for creating web languages, and encode data over the internet.
Vulnerabilities have been identified in the following software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2 and 3
- Windows Server 2003 Service Pack 1 and 2
- Windows Server 2008
- Windows Vista and Windows Vista Service Pack 1
- Microsoft Office 2003 with Service Pack 3
- Microsoft Office 2007
Both patches require a restart.
More Information: Microsoft Security Bulletin