Microsoft given info on new product vulnerability
Tuesday May 11
Microsoft issued information on a new product vulnerability
Symantec Security Response and Symantec DeepSight Vulnerability analysts have rated this vulnerability as a high risk due to the impact if the vulnerability was successfully exploited.
The Help and Support Center (HSC) of Microsoft Windows is a feature in Windows that provides help on a variety of topics such as downloading software updates, etc. If exploited, the HSC vulnerability could allow remote code execution, allowing an attacker to gain complete control of an affected system. This would allow the attacker the ability to install programs, view or change information, or create new accounts with full privileges. Windows operating systems that are affected include Microsoft XP and Microsoft Server 2003.
This vulnerability exists because of the way the HSC handles HCP URL validation. (HCP URL is another type of content that is loaded into a browser, similar to HTTP.) There are a number of steps the user would have to follow in order for the system to be compromised. An attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. The attacker would also have to use social engineering to persuade the user to visit the Web site and perform several actions.
Users are encouraged to apply the security patch for the HSC vulnerability as soon as possible. Symantec reminds users that it is important to exercise caution when browsing the Internet, and when reading email. The success of recent email and web-based threats such as the Netsky and Bagle variants reinforce the importance of validating content received from outside parties. Symantec cautions users to be suspicious of actions that they are asked to perform by unknown parties.
"Symantec urges computer users to always keep their systems up to date, no matter how severe the vulnerability," said Alfred Huger, senior director, Symantec Security Response. "Also, because hackers and virus writers are getting more sophisticated in the use of social engineering, users need to exercise great caution when clicking on links and visiting unfamiliar websites."
In addition, Symantec strongly advises Windows users to apply the security patch for the Local Security Authority Subsystem Service (LSASS) Vulnerability, announced on April 13 in the MS Security Bulletin MS04-011. This vulnerability still poses a significant threat and users should take immediate steps to ensure their systems are protected. Additional information can be found at http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx