10Nis
MS12-025 and XBAP: No longer a driveby threat
One of the security bulletins released today, MS12-025, addresses a code execution vulnerability in the .NET Framework. To exploit the vulnerability, an attacker would build a malicious XBAP application and lure victims to a malicious website serving the XBAP. The good news is that a zero-click “driveby” style attack is no longer possible from the Internet on workstations where MS11-044 (published June 2011) has been installed.