Microsoft to 'killbit' MSXML4

Less than six months after the discovery of zero-day attacks against Microsoft XML Core Services 4.0, Microsoft plans to "killbit" MSXML4 and completely remove the XML parser from its download center.

The killbit, also known as a registry key update, applies to Internet Explorer only and is expected to happen in the October-December 2007 time frame, according to a notice posted to Redmond's XML team blog.

"We are announcing this in advance so that our customers get sufficient time to try their applications with MSXML6 and give us feedback on their experience," the group said.

Going forward, support for MSXML4 will be restricted to high-impact security issues only.

The decision comes on the heels of last November's malware attacks against a code execution vulnerability in the XMLHTTP ActiveX control within Microsoft XML Core Services. This flaw affected systems where MSXML4 was installed.

Microsoft released a security bulletin (MS06-071) with patches to address the vulnerability.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...