Microsoft in another major security flaw

On the 30th of May Google discovered a security flaw in a Microsoft product. Google says that over the past two weeks Microsoft and Google have been working together to resolve the problem. Google says: ‘These attacks are being distributed both via malicious web pages intended for Internet Explorer users and through Office documents. Users running Windows XP up to and including Windows 7 are known to be vulnerable’

The security flaw involves an uninitialized variable in the Microsoft XML component. This flaw is being actively exploited right now, in targeted attacks, according to Google.

Microsoft issued a fix today and also a security advisory:

Microsoft also thanked Google but whereas Google claims to have discovered the security flaw, Microsoft actually credits Qihoo 360 (China) with the credit for discovering the flaw and thanks Google for ‘working with us’.