Microsoft to 'killbit' MSXML4

Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.

Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.

The killbit, also known as a registry key update, applies to Internet Explorer only and is expected to happen in the October-December 2007 time frame, according to a notice posted to Redmond's XML team blog.

"We are announcing this in advance so that our customers get sufficient time to try their applications with MSXML6 and give us feedback on their experience," the group said.

Support for MSXML4 going forward will be restricted to high impact security issues only.

The decision comes on the heels of last November's malware attacks against a code execution vulnerability in the XMLHTTP ActiveX control within Microsoft XML Core Services. This flaw affected systems where MSXML4 was installed.

Microsoft released a security bulletin (MS06-071) with patches to address the vulnerability.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All