Topic: Microsoft Confirms Critical Windows XP Bug

TequilaChaser
Microsoft Confirms Critical Windows XP Bug
« on: June 12, 2010, 06:07:23 AM »
Microsoft on Thursday confirmed that Windows XP and Windows Server 2003 contain an unpatched bug that could be used to infect PCs by duping users into visiting rigged Web sites or opening attack e-mail. The company said it has seen no active in-the-wild attacks exploiting the vulnerability.

The bug in Windows' Help and Support Center -- a component that lets users access and download Microsoft help files from the Web -- doesn't properly parse the "hcp" protocol handler, Microsoft said in an advisory issued Thursday afternoon. Attackers can leverage the vulnerability by enticing users to malicious or hacked Web sites, or by convincing them to open malformed e-mail messages.

Windows Vista, Windows 7, Windows Server and Windows Server 2008 R2 are not vulnerable to the attack.


Source: PC World  http://www.pcworld.com/article/198574/Microsoft_Confirms_Critical_Windows_XP_Bug.html?tk=rss_news

Full Report can be found at above link
"When one considers just what they should say to a new pilot who is logging in Aces High, the mind becomes confused in the complex maze of info it is necessary for the new player to know. All of it is important; most of it vital; and all of it just too much for one brain to absorb in 1-2 lessons" TC

DREDIOCK
Re: Microsoft Confirms Critical Windows XP Bug
« Reply #1 on: June 12, 2010, 06:33:38 AM »
Microsoft should just eliminate the "help and support" center altogether.
In almost 20 years I've not one single time found it to be either helpful or supportive.
Death is no easy answer
For those who wish to know
Ask those who have been before you
What fate the future holds
It ain't pretty

Hawk55
Re: Microsoft Confirms Critical Windows XP Bug
« Reply #2 on: June 12, 2010, 08:58:20 AM »
Quote from: DREDIOCK
Microsoft should just eliminate the "help and support" center altogether.
In almost 20 years I've not one single time found it to be either helpful or supportive.

I concur... I've always disabled this nuisance service.   :rock
The Lynchmob-Outlaws--HAWK

TequilaChaser
Update: Unpatched Windows XP-related hole exploited in attacks
« Reply #3 on: June 15, 2010, 11:16:58 PM »
Update:  Unpatched Windows XP-related hole exploited in attacks

Malicious hackers were found to be exploiting a hole on Tuesday affecting Windows XP that a Google researcher disclosed last week before Microsoft had a chance to fix it, the software giant confirmed.

There was "limited exploitation" of the unpatched vulnerability, Jerry Bryant, group manager for response communications at Microsoft, said in an e-mail statement. The exploits have been taken down from the Web, but Bryant said he expects there to be further attacks "given the public disclosure of full details of the issue."

"We want to reiterate that customers using Windows 2000, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 are not affected. Additionally, Windows Server 2003 customers are not at risk based on the attack samples we have analyzed," he said. "We encourage Windows XP customers to install the workaround provided in the advisory via a Microsoft FixIt. We continue to monitor the threat landscape and will keep customers updated via our blog at http://blogs.technet.com/b/msrc and our Twitter handle, www.twitter.com/msftsecresponse."

The vulnerability, which is in the online Windows Help and Support Center, could enable an attacker to take control of a computer running Windows XP by luring a computer user to a malicious Web site hosting code that exploits the hole, regardless of what browser is being used.

Earlier on Tuesday, Sophos reported seeing exploits in the wild on its blog. Sophos' software detects the exploit as Troj/Drop-FS and offers a free threat detection scan and information for how to remove the Trojan.

Microsoft is scrambling to develop a patch for the hole after Google researcher Tavis Ormandy disclosed it publicly last Thursday, providing details and proof-of-concept code. He had notified Microsoft about the problem five days earlier. Microsoft released an advisory on the vulnerability later on Thursday.

Microsoft representatives and others say Ormandy's action was irresponsible because it did not give Microsoft enough time to fix the problem. Ormandy has not responded to that criticism but has defended releasing an exploit at the same time he reported the issue by saying Microsoft would have ignored him otherwise.

Source: CNET  http://news.cnet.com/8301-27080_3-20007785-245.html

Microsoft Workaround: FixIt Link     http://support.microsoft.com/kb/2219475

--------------------------------------------------------------------------------------------------------------------------------------------

You would be astonished at how naive most computer/internet users are when it comes to their home PCs and Internet usage and protection.....

 :cheers:

TC