An exploit for an unpatched vulnerability in the Microsoft XML Core Services (MSXML) has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from Sophos. The security flaw is identified as CVE-2012-1889 and is what security researchers call a zero-day vulnerability. Microsoft published a security advisory regarding this security flaw on June 12 and provided users with several work-arounds for it, including a semi-automated “Fix it” solution.”]