Vulnerability Protection

Vulnerability in MSXML Could Allow Information Disclosure

Details

Report ID:

MS20170317

Date Published:

15 March 2017

Date Revised:

Criticality:

Important

Compromise Type:

Information disclosure

Compromise From:

Remote

Affected Product/Component:

Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT 8.1
Windows 10
Windows Server 2016

Summary

A vulnerability in Microsoft XML Core Services (MSXML) could disclose sensitive information on a target system, if successfully exploited. 

Detailed Description

Microsoft has released a security update for Microsoft XML Core Services (MSXML) to address an information disclosure vulnerability. The vulnerability was caused by improper handling of objects in memory, and it can be exploited into allowing an attacker to test for the presence of files on disk. This issue has been rectified by modifying the way MSXML handles objects in memory.  

CVE Reference

CVE-2017-0022

Solution

Install the latest security patch for applicable system, available for download from https://technet.microsoft.com/en-us/library/security/MS17-022

Source

Microsoft Security Bulletin MS17-022