Xkcd Tech Support


Thursday, 10 June 2010

Vulnerability in Microsoft Windows Help and Support Function

Posted on 17:25 by Unknown
In the wake of a Patch Tuesday that delivered fixes for 34 flaws, Microsoft has issued Security Advisory 2219475 for a publicly disclosed vulnerability in the Help and Support Center function of Windows XP and Windows Server 2003. Successful exploitation could result in remote code execution.

Google security researchers reported the vulnerability to Microsoft on June 5, and publicly released information about the flaw and how it might be used in attacks on June 9.

Microsoft is obviously cranky at Google for the public disclosure, as evidenced by their snarky entry within their Microsoft Security Response Center blog posting:

As always, Microsoft strives to work with security researchers to address vulnerabilities in our software. This helps ensure that customers receive comprehensive, high-quality updates before cyber criminals learn of - and work to exploit - a vulnerability. Responsible disclosure protects the computer ecosystem and individual computer users from harm.

No exploits in the wild have been publicly reported, and it's Microsoft's hope that this remains the case while a fix is developed. The suggested workaround is to unregister the HCP protocol.
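
The workaround above, sketched as a batch script for an administrator command prompt on Windows XP or Server 2003. This is an added example, not part of the original post or of Microsoft's advisory text; it assumes the hcp:// handler is registered under HKEY_CLASSES_ROOT\HCP (the standard location for URL protocol handlers), and the backup file name and location are choices made here.

```batch
@echo off
rem Added example: unregister the hcp:// URL handler, keeping a backup first.
rem Assumption: the handler lives at HKEY_CLASSES_ROOT\HCP.
rem The backup path below is a choice made for this example.
setlocal
set "KEY=HKEY_CLASSES_ROOT\HCP"
set "BACKUP=%SystemDrive%\hcp_backup.reg"

rem 1. Nothing to do if the handler is already gone.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %KEY% is not present; the HCP protocol is already unregistered.
    exit /b 0
)

rem 2. Refuse to overwrite an earlier backup, which may be the only good copy.
if exist "%BACKUP%" (
    echo %BACKUP% already exists; move it aside before running again.
    exit /b 1
)

rem 3. Export the key so the change can be reverted once a fix is installed.
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 goto :fail
if not exist "%BACKUP%" goto :fail

rem 4. Delete the handler registration.
reg delete "%KEY%" /f
if errorlevel 1 goto :fail

rem 5. Verify the key is really gone before reporting success.
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 goto :fail

echo HCP protocol unregistered. To restore later: reg import "%BACKUP%"
exit /b 0

:fail
echo Workaround not applied cleanly; check %KEY% and %BACKUP% by hand.
exit /b 1
```

With the handler removed, legitimate hcp:// links, such as some help links in Control Panel, stop working until the backup is re-imported.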

This isn't the first time flaws in Microsoft's help center have been reported. Thankfully, the vulnerability is not present in Vista and Windows 7 on the client side, or Server 2000 and Server 2008.

Don't expect an out-of-band patch for this one, unless widespread attacks begin popping up. 



Posted in exploit, Microsoft, vulnerability | No comments