Guyio

**Name of the Vulnerable Software and Affected Versions** Microsoft XML Core Services versions prior to the fixed version Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2019 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** The issue is related to the incorrect restriction of XML links to external objects in Microsoft XML Core Services. This can be exploited by a remote attacker using a specially crafted web page, potentially allowing the execution of arbitrary code. The vulnerability affects various Windows operating systems and can be exploited remotely. **Recommendations** For Windows 7, consider applying the relevant security patch to fix the issue. For Windows Server 2012 R2, apply the security update to resolve the vulnerability. For Windows RT 8.1, install the latest security patch to mitigate the risk. For Windows Server 2008, apply the recommended fix to address the issue. For Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers, update to the latest version or apply the relevant security patch to fix the vulnerability. As a temporary workaround, consider restricting the use of the MSXML parser until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 60 **Description** The issue is caused by incorrect boundary checking during number formatting in the XSLT implementation of the Firefox browser. This can lead to a buffer overflow and crash, potentially allowing a remote attacker to cause a denial of service or execute arbitrary code. **Recommendations** For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider restricting the use of XSLT transformations to minimize the risk of exploitation.