VIA Root
New Windows XP flaw in Support Center
By Hugo Jean, Heptacube Inc.
Windows
2010-06-11 12:23:26

On the day following Microsoft's release of its relatively large "Patch Tuesday" Security Bulletin for June, a serious flaw has surfaced. It fortunately affects only Windows XP and Server 2003, but this still means a majority of machines are at risk.

A Google security researcher named Tavis Ormandy first reported it to Microsoft on June 5th, according to Mike Reavey of the Microsoft Security Response Center, and made it public on June 9th "without giving [them] time to resolve the issue." Ormandy argues that the vulnerability was serious enough that keeping it hidden posed a greater risk to users than warning them about it. He also provided a workaround for the vulnerability.

However, Reavey insists the full public disclosure of the flaw, along with an exploit, was not responsible on Ormandy's part. "While this was a good find by the Google researcher, it turns out that the analysis is incomplete and the actual workaround Google suggested is easily circumvented," he said.

Since then, Microsoft has published a security advisory concerning the zero-day vulnerability. It confirms that only Windows XP and Windows Server 2003 are affected and provides workarounds while Microsoft prepares a security update. It is not known whether the fix will have to wait until next month's regular Patch Tuesday or whether Microsoft will release an out-of-band update.

The vulnerability actually resides in the way Windows handles HCP links, which are used by the Help and Support Center feature of the operating system for remote assistance. Attackers could embed pieces of code in hcp:// URLs in order to execute malicious code on the affected computer.

In addition, according to Ormandy, vulnerable computers that run Internet Explorer 8 are especially at risk, while attacks on those running older versions of the browser are facilitated by the presence of Windows Media Player.
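
Because the attack surface described above is the hcp:// URL scheme reaching the browser, one defensive check is to scan stored or proxied HTML for hcp: links before they reach XP or Server 2003 clients. The following is an added example, not code from the article, Microsoft or Ormandy; the function names, attribute list and sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attributes whose value a browser treats as a URL to load or navigate to.
URL_ATTRS = {"href", "src", "data", "action", "background", "codebase"}

def url_scheme(raw):
    """Return the lowercased scheme of a URL as a browser would read it."""
    # WHATWG URL parsing drops tab/CR/LF anywhere and leading controls/spaces.
    cleaned = re.sub(r"[\t\r\n]", "", raw).lstrip("".join(map(chr, range(0x21))))
    m = re.match(r"([A-Za-z][A-Za-z0-9+.-]*):", cleaned)
    return m.group(1).lower() if m else ""

class HcpLinkFinder(HTMLParser):
    """Collects (line, tag, attribute, url) for every hcp: URL in markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # Attribute values arrive with character references already decoded.
        for name, value in attrs:
            if not value:
                continue
            url = None
            if name in URL_ATTRS:
                url = value
            elif tag == "meta" and name == "content":
                # <meta http-equiv="refresh" content="0; url=...">
                m = re.search(r"url\s*=\s*['\"]?(.+)", value, re.I)
                url = m.group(1) if m else None
            if url and url_scheme(url) == "hcp":
                self.hits.append((self.getpos()[0], tag, name, url))

def find_hcp_links(html_text):
    finder = HcpLinkFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits

# Constructed sample page; the hcp: targets are placeholders.
SAMPLE = """<html><body>
<a href="https://example.com/help">ordinary link</a>
<iframe src="HCP://constructed-placeholder"></iframe>
<a href="&#104;cp://constructed-placeholder">entity-encoded scheme</a>
<a href="h&#9;cp://constructed-placeholder">tab inside scheme</a>
<meta http-equiv="refresh" content="0; url=hcp://constructed-placeholder">
<p>The string hcp:// in body text is not a link.</p>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, url in find_hcp_links(SAMPLE):
        print(f"line {line}: <{tag} {attr}> -> {url!r}")
```

The scheme is normalized before comparison so that case changes, character references and embedded whitespace do not hide an hcp: link from the scan.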

Tags
InternetExplorer Microsoft SupportCenter WindowsMediaPlayer WindowsXP