{"id":461,"date":"2012-06-23T08:30:29","date_gmt":"2012-06-23T08:30:29","guid":{"rendered":"http:\/\/www.bsk-consulting.de\/?p=461"},"modified":"2022-03-25T14:12:08","modified_gmt":"2022-03-25T13:12:08","slug":"microsoft-xml-core-schwachstelle-workaround-2719615","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/","title":{"rendered":"Microsoft XML Core Services Schwachstelle Workaround 2719615"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; admin_label=&#8221;section&#8221; _builder_version=&#8221;3.22&#8243;][et_pb_row admin_label=&#8221;row&#8221; _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text admin_label=&#8221;Text&#8221; _builder_version=&#8221;4.4.3&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; hover_enabled=&#8221;0&#8243;]Laut einer Meldung des US-CERT wird derzeit die bisher ungepatchte Schwachstelle an den Microsoft Core Services aus dem Advisory\u00a02719615 massiv ausgenutzt. Die Schwachstelle an den XML Core Services f\u00fchrt dazu, dass Software, die diesen Service nutzt, implizit auch Schwachstellen aufweist. Es sind alle Plattformen betroffen, auch die Serversysteme 2008 Server und Windows 7.<br \/>\nDie betroffene Software, die direkt per Drive-By Download zur Ausf\u00fchrung von Code gebracht werden kann ist:<\/p>\n<ul>\n<li>Internet Explorer (alle Versionen)<\/li>\n<li>Microsoft Office 2003<\/li>\n<li>Microsoft Office 2007<\/li>\n<\/ul>\n<p>Microsoft stellt ein <a title=\"Fixit XML Core Services\" href=\"http:\/\/support.microsoft.com\/kb\/2719615\" target=\"_blank\" rel=\"noopener noreferrer\">Fixit<\/a> in Form eines MSI Paketes bereit, mit dessen Hilfe man das Problem beheben kann. Das Advisory von Microsoft findet sich <a title=\"Advisory \" href=\"https:\/\/technet.microsoft.com\/en-us\/security\/advisory\/2719615\" target=\"_blank\" rel=\"noopener noreferrer\">hier<\/a>.<br \/>\nAber auch beim Surfen mit Google Chrome und Firefox bestehen Risiken, denn diese f\u00fchren h\u00e4ufig ein Microsoft Office Plugin mit sich, dass man sicherheitshalber deaktivieren sollte. Clients, die mit diesen Plugins Webseiten ansurfen, k\u00f6nnen mit schadhaftem Code versehene Office-Dokumente direkt im Browser aufrufen, ohne erforderliche Benutzerinteraktion. Die schadhaften Office-Dokumente werden einfach in die Website eingebettet.<\/p>\n<h2>Google Chrome<\/h2>\n<p>Die aktiven und inaktiven Plugins findet man in Chrome \u00fcber die Eingabe von &#8220;about:plugins&#8221; in der URL Leiste. Das Plugin &#8220;Microsoft Office&#8221; ist zu deaktivieren.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-462\" title=\"screenshot.1260879924\" src=\"\/wp-content\/uploads\/2012\/06\/screenshot.1260879924.jpg\" alt=\"\" width=\"433\" height=\"360\" srcset=\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2012\/06\/screenshot.1260879924.jpg 433w, https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2012\/06\/screenshot.1260879924-300x249.jpg 300w\" sizes=\"(max-width: 433px) 100vw, 433px\" \/><\/p>\n<h2>Mozilla Firefox<\/h2>\n<p>In Firefox w\u00e4hlt man am Besten den Weg \u00fcber &#8220;Firefox &gt; Add-ons &gt; Plugins&#8221;. Hier deaktiviert man das &#8220;Microsoft Office Live Plugin for Firefox &#8230;&#8221;.<br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-463 size-full\" title=\"screenshot.1260879926\" src=\"\/wp-content\/uploads\/2012\/06\/screenshot.1260879926.jpg\" alt=\"\" width=\"922\" height=\"574\" srcset=\"\/wp-content\/uploads\/2012\/06\/screenshot.1260879926.jpg 922w, \/wp-content\/uploads\/2012\/06\/screenshot.1260879926-480x299.jpg 480w\" sizes=\"(min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) 922px, 100vw\" \/>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Laut einer Meldung des US-CERT wird derzeit die bisher ungepatchte Schwachstelle an den Microsoft Core Services aus dem Advisory\u00a02719615 massiv ausgenutzt. Die Schwachstelle an den XML Core Services f\u00fchrt dazu, dass Software, die diesen Service nutzt, implizit auch Schwachstellen aufweist. Es sind alle Plattformen betroffen, auch die Serversysteme 2008 Server und Windows 7. Die betroffene Software, die direkt per Drive-By Download zur Ausf\u00fchrung von Code gebracht werden kann ist: Internet Explorer (alle Versionen) Microsoft Office 2003 Microsoft Office 2007 Microsoft stellt ein Fixit in Form eines MSI Paketes bereit, mit dessen Hilfe man das Problem beheben kann. Das Advisory von Microsoft findet sich hier. Aber auch beim Surfen mit Google Chrome und Firefox bestehen Risiken, denn diese f\u00fchren h\u00e4ufig ein Microsoft Office Plugin mit sich, dass man sicherheitshalber deaktivieren sollte. Clients, die mit diesen Plugins Webseiten ansurfen, k\u00f6nnen mit schadhaftem Code versehene Office-Dokumente direkt im Browser aufrufen, ohne erforderliche Benutzerinteraktion. Die schadhaften Office-Dokumente werden einfach in die Website eingebettet. Google Chrome Die aktiven und inaktiven Plugins findet man in Chrome \u00fcber die Eingabe von &#8220;about:plugins&#8221; in der URL Leiste. Das Plugin &#8220;Microsoft Office&#8221; ist zu deaktivieren. Mozilla Firefox In Firefox w\u00e4hlt man am Besten den Weg \u00fcber &#8220;Firefox &gt; Add-ons [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"Laut einer Meldung des US-CERT wird derzeit die bisher ungepatchte Schwachstelle an den Microsoft Core Services aus dem Advisory\u00a02719615 massiv ausgenutzt. Die Schwachstelle an den XML Core Services f\u00fchrt dazu, dass Software, die diesen Service nutzt, implizit auch Schwachstellen aufweist. Es sind alle Plattformen betroffen, auch die Serversysteme 2008 Server und Windows 7.\r\nDie betroffene Software, die direkt per Drive-By Download zur Ausf\u00fchrung von Code gebracht werden kann ist:\r\n<ul>\r\n \t<li>Internet Explorer (alle Versionen)<\/li>\r\n \t<li>Microsoft Office 2003<\/li>\r\n \t<li>Microsoft Office 2007<\/li>\r\n<\/ul>\r\nMicrosoft stellt ein <a title=\"Fixit XML Core Services\" href=\"http:\/\/support.microsoft.com\/kb\/2719615\" target=\"_blank\" rel=\"noopener noreferrer\">Fixit<\/a> in Form eines MSI Paketes bereit, mit dessen Hilfe man das Problem beheben kann. Das Advisory von Microsoft findet sich <a title=\"Advisory \" href=\"https:\/\/technet.microsoft.com\/en-us\/security\/advisory\/2719615\" target=\"_blank\" rel=\"noopener noreferrer\">hier<\/a>.\r\nAber auch beim Surfen mit Google Chrome und Firefox bestehen Risiken, denn diese f\u00fchren h\u00e4ufig ein Microsoft Office Plugin mit sich, dass man sicherheitshalber deaktivieren sollte. Clients, die mit diesen Plugins Webseiten ansurfen, k\u00f6nnen mit schadhaftem Code versehene Office-Dokumente direkt im Browser aufrufen, ohne erforderliche Benutzerinteraktion. Die schadhaften Office-Dokumente werden einfach in die Website eingebettet.\r\n<h2>Google Chrome<\/h2>\r\nDie aktiven und inaktiven Plugins findet man in Chrome \u00fcber die Eingabe von \"about:plugins\" in der URL Leiste. Das Plugin \"Microsoft Office\" ist zu deaktivieren.\r\n<a href=\"\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/screenshot-1260879924\/\" rel=\"attachment wp-att-462\"><img class=\"alignnone size-full wp-image-462\" title=\"screenshot.1260879924\" src=\"\/wp-content\/uploads\/2012\/06\/screenshot.1260879924.jpg\" alt=\"\" width=\"433\" height=\"360\" \/><\/a>\r\n<h2>Mozilla Firefox<\/h2>\r\nIn Firefox w\u00e4hlt man am Besten den Weg \u00fcber \"Firefox &gt; Add-ons &gt; Plugins\". Hier deaktiviert man das \"Microsoft Office Live Plugin for Firefox ...\".\r\n<a href=\"\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/screenshot-1260879926\/\" rel=\"attachment wp-att-463\"><img class=\"alignnone wp-image-463 size-full\" title=\"screenshot.1260879926\" src=\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2012\/06\/screenshot.1260879926.jpg\" alt=\"\" width=\"922\" height=\"574\" \/><\/a>","_et_gb_content_width":"","footnotes":""},"categories":[327,335],"tags":[358,113,330,235,359,360,361],"class_list":["post-461","post","type-post","status-publish","format-standard","hentry","category-alert","category-security-fix","tag-358","tag-core","tag-fix","tag-microsoft","tag-service","tag-workaround","tag-xml"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Microsoft XML Core Services Schwachstelle Workaround 2719615 - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"Microsoft XML Core Services Schwachstelle Workaround 2719615\",\"datePublished\":\"2012-06-23T08:30:29+00:00\",\"dateModified\":\"2022-03-25T13:12:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/\"},\"wordCount\":292,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"2719615\",\"core\",\"fix\",\"Microsoft\",\"service\",\"workaround\",\"xml\"],\"articleSection\":[\"Alert\",\"Security Fix\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/\",\"name\":\"Microsoft XML Core Services Schwachstelle Workaround 2719615 - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2012-06-23T08:30:29+00:00\",\"dateModified\":\"2022-03-25T13:12:08+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft XML Core Services Schwachstelle Workaround 2719615 - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"Microsoft XML Core Services Schwachstelle Workaround 2719615","datePublished":"2012-06-23T08:30:29+00:00","dateModified":"2022-03-25T13:12:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/"},"wordCount":292,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["2719615","core","fix","Microsoft","service","workaround","xml"],"articleSection":["Alert","Security Fix"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/","url":"https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/","name":"Microsoft XML Core Services Schwachstelle Workaround 2719615 - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2012-06-23T08:30:29+00:00","dateModified":"2022-03-25T13:12:08+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2012\/06\/23\/microsoft-xml-core-schwachstelle-workaround-2719615\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/461","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=461"}],"version-history":[{"count":4,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/461\/revisions"}],"predecessor-version":[{"id":7636,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/461\/revisions\/7636"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=461"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=461"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=461"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}