Aces High Bulletin Board
General Forums => Hardware and Software => Topic started by: TequilaChaser on June 12, 2010, 06:07:23 AM
-
Microsoft on Thursday confirmed that Windows XP and Windows Server 2003 contain an unpatched bug that could be used to infect PCs by duping users into visiting rigged Web sites or opening attack e-mail. The company said it has seen no active in-the-wild attacks exploiting the vulnerability.
The bug in Windows' Help and Support Center -- a component that lets users access and download Microsoft help files from the Web -- doesn't properly parse the "hcp" protocol handler, Microsoft said in an advisory issued Thursday afternoon. Attackers can leverage the vulnerability by enticing users to malicious or hacked Web sites, or by convincing them to open malformed e-mail messages.
Windows Vista, Windows 7, Windows Server and Windows Server 2008 R2 are not vulnerable to the attack.
Source: PC World http://www.pcworld.com/article/198574/Microsoft_Confirms_Critical_Windows_XP_Bug.html?tk=rss_news
Full Report can be found at above link
-
Microsoft should just eliminate the "help and support" center all together.
In almost 20 years I've not one single time found it to be either helpful or supportive.
-
Microsoft should just eliminate the "help and support" center all together.
In almost 20 years I've not one single time found it to be either helpful or supportive.
I concurr...I've always disabled this nusance service. :rock
-
Update: Unpatched Windows XP-related hole exploited in attacks
Malicious hackers were found to be exploiting a hole on Tuesday affecting Windows XP that a Google researcher disclosed last week before Microsoft had a chance to fix it, the software giant confirmed.
There was "limited exploitation" of the unpatched vulnerability, Jerry Bryant, group manager for response communications at Microsoft, said in an e-mail statement. The exploits have been taken down from the Web, but Bryant said he expects there to be further attacks "given the public disclosure of full details of the issue."
"We want to reiterate that customers using Windows 2000, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 are not affected. Additionally, Windows Server 2003 customers are not at risk based on the attack samples we have analyzed," he said. "We encourage Windows XP customers to install the workaround provided in the advisory via a Microsoft FixIt. We continue to monitor the threat landscape and will keep customers updated via our blog at http://blogs.technet.com/b/msrc and our Twitter handle, www.twitter.com/msftsecresponse."
The vulnerability, which is in the online Windows Help and Support Center, could enable an attacker to take control of a computer running Windows XP by luring a computer user to a malicious Web site hosting code that exploits the hole, regardless of what browser is being used.
Earlier on Tuesday, Sophos reported seeing exploits in the wild on its blog. Sophos' software detects the exploit as Troj/Drop-FS and offers a free threat detection scan and information for how to remove the Trojan.
Microsoft is scrambling to develop a patch for the hole after Google researcher Tavis Ormandy disclosed it publicly last Thursday, providing details and proof-of-concept code. He had notified Microsoft about the problem five days earlier. Microsoft released an advisory on the vulnerability later on Thursday.
Microsoft representatives and others say Ormandy's action was irresponsible because it did not give Microsoft enough time to fix the problem. Ormandy has not responded to that criticism but has defended releasing an exploit at the same time he reported the issue by saying Microsoft would have ignored him otherwise.
Source: CNET http://news.cnet.com/8301-27080_3-20007785-245.html
Microsoft Workaround: FixIt Link http://support.microsoft.com/kb/2219475
--------------------------------------------------------------------------------------------------------------------------------------------
You would be astonished at how niev most computer/internet users are when it comes to their home PC's and Internet usage and protection.....
:cheers:
TC