

Microsoft given info on new product vulnerability

Tuesday May 11

Microsoft issued information on a new product vulnerability

Symantec Security Response and Symantec DeepSight Vulnerability analysts have rated this vulnerability as a high risk due to its impact if successfully exploited.

The Help and Support Center (HSC) is a feature in Microsoft Windows that provides help on a variety of topics, such as downloading software updates. If exploited, the HSC vulnerability could allow remote code execution, giving an attacker complete control of an affected system. The attacker could then install programs, view or change information, or create new accounts with full privileges. Windows operating systems that are affected include Microsoft XP and Microsoft Server 2003.

This vulnerability exists because of the way the HSC handles HCP URL validation. (HCP URL is another type of content that is loaded into a browser, similar to HTTP.) There are a number of steps the user would have to follow in order for the system to be compromised. An attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. The attacker would also have to use social engineering to persuade the user to visit the Web site and perform several actions.

Users are encouraged to apply the security patch for the HSC vulnerability as soon as possible. Symantec reminds users that it is important to exercise caution when browsing the Internet and when reading email. The success of recent email and web-based threats such as the Netsky and Bagle variants reinforces the importance of validating content received from outside parties. Symantec cautions users to be suspicious of actions that they are asked to perform by unknown parties.

"Symantec urges computer users to always keep their systems up to date, no matter how severe the vulnerability," said Alfred Huger, senior director, Symantec Security Response. "Also, because hackers and virus writers are getting more sophisticated in the use of social engineering, users need to exercise great caution when clicking on links and visiting unfamiliar websites."

In addition, Symantec strongly advises Windows users to apply the security patch for the Local Security Authority Subsystem Service (LSASS) Vulnerability, announced on April 13 in the MS Security Bulletin MS04-011. This vulnerability still poses a significant threat and users should take immediate steps to ensure their systems are protected. Additional information can be found at


© Scoop Media
