Ben Richeson here. I wanted to let you know that we just posted Microsoft Security Advisory (927892) about our investigation of public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability.
We’re tracking this issue through our Software Security Incident Response Process and there is information in the advisory with steps that customers can take to help protect themselves.
As always, we’ll continue to monitor the situation and provide updates to the advisory should the situation change or we become aware of new information.
*This posting is provided “AS IS” with no warranties, and confers no rights.*