Xkcd Tech Support

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Thursday 10 June 2010

Vulnerability in Microsoft Windows Help and Support Function

Posted on 17:25 by Unknown
In the wake of a patch Tuesday that put forth fixes for 34 flaws, Microsoft has issued Security Advisory 2219475 for a publicly-released vulnerability in the help and support center function of Windows XP and Windows Server 2003. Successful exploit could result in remote code execution.

Google security researchers reported the vulnerability to Microsoft on June 5, and publicly released information about the flaw and how it might be used in attacks on June 9.

Microsoft is obviously cranky at Google for the public disclosure, as evidenced by their snarky entry within their Microsoft Security Response Center blog posting:

As always, Microsoft strives to work with security researchers to address vulnerabilities in our software. This helps ensure that customers receive comprehensive, high-quality updates before cyber criminals learn of - and work to exploit - a vulnerability. Responsible disclosure protects the computer ecosystem and individual computer users from harm.

No exploits in the wild have been publicly reported, and its Microsoft's hope that this remains the case while a fix is developed. The suggested workaround is to unregister the HCP protocol.

This isn't the first time flaws in Microsoft's help center have been reported. Thankfully, the vulnerability is not present in Vista and Windows 7 on the client side, or Server 2000 and Server 2008.

Don't expect an out-of-band patch for this one, unless widespread attacks begin popping up. 



Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest
Posted in exploit, Microsoft, vulnerability | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Chamber of Whores
    GRIT TV has put together a damning behind-the-scenes look at the U.S. Chamber of Commerce that details from where the money comes, and to wh...
  • National Debt by President
    via Rachel Maddow
  • Sarah Palin - Leading the American Taliban
    Steve Benen at The Washington Monthly discusses Palin's recent speech at a Christian women's conference: She asked for the women -...
  • Norah Jones - Are You Lonesome Tonight?
  • Rand Paul Election News!
    Via The Poor Man Institute : Well I must say. I don’t have a lot of sympathy for Republicans in general, but this is just shocking. Josh Ma...
  • Atheist Barbie
    Barbie is still sexist crap, but at least this is a step in the right direction. Too bad it's not available in stores. Via BoingBoing
  • Colbert - Sunday Morning Fact-Checking
    The Colbert Report Mon - Thurs 11:30pm / 10:30c Sunday Morning Fact-Checking - Jake Tapper & Bill Adair www.colbertnation.com Colbert Re...
  • Geek Pride Day
    Today is Geek Pride Day . Why? Because we geeks have the technical expertise to make it so, that's why. Via Wikipedia :   Geek Pride Day...
  • The Bechdel Test for Women in Movies
    I never really thought about it. But now that I'm thinking about it, it's just another example of how shitty it is that Hollywood is...
  • Who Needs Border Patrol When The Shoes Are The Clues?
    You can't cure stupid.

Categories

  • activism
  • Adobe
  • advertising
  • Afghanistan
  • aging
  • airlines
  • Apple
  • Arizona
  • art
  • banking
  • Barack Obama
  • Barbie
  • blog
  • Bobblespeak Translation
  • business
  • charity
  • childhood
  • CNN
  • Colbert
  • Columbus
  • comic
  • commentary
  • compassion
  • computers
  • conservatives
  • crime
  • cyber security
  • DADT
  • data protection
  • David Letterman
  • death
  • democracy
  • dogs
  • Ebert
  • economy
  • education
  • EFF
  • energy
  • England
  • environment
  • evolution
  • exploit
  • Facebook
  • faith
  • feminism
  • finance
  • flowchart
  • food
  • football
  • Fox
  • fraud
  • gadget
  • gadgets
  • Gawker
  • gay
  • geek
  • Glenn Beck
  • Google
  • government
  • GraphJam
  • guns
  • hacking
  • history
  • holiday
  • humor
  • information security
  • iPhone
  • Japanese
  • Java
  • John Hodgman
  • Jon Stewart
  • journalism
  • law enforcement
  • legal
  • life
  • lunchbreath
  • mainstream media
  • malware
  • McCain
  • McDonald's
  • media
  • medicine
  • merchandise
  • Metasploit
  • Microsoft
  • military
  • movie
  • movies
  • MSNBC
  • Muppets
  • music
  • nature
  • New Orleans
  • news
  • newspapers
  • NFL
  • NY Times
  • Obama
  • odd
  • Oddly Specific
  • Ohio
  • Olbermann
  • parenting
  • Paul Krugman
  • pets
  • philosophy
  • photo
  • piracy
  • poetry
  • politics
  • prank
  • privacy
  • protest
  • psychology
  • Rachel Maddow
  • racism
  • radio
  • religion
  • Republicans
  • right-wing
  • robots
  • Sarah Palin
  • sarcasm
  • satire
  • Saturday Morning Breakfast Cereal
  • science
  • security
  • Seinfeld
  • sexism
  • sexy
  • SMBC
  • social networking
  • socialism
  • sports
  • Star Trek
  • Star Wars
  • Steelers
  • Stephen Colbert
  • Taibbi
  • taxes
  • tea bagging
  • technology
  • television
  • terrorism
  • The Daily Show
  • the internet
  • The Onion
  • threats
  • toys
  • veteran
  • video
  • video game
  • vulnerability
  • Wal Mart
  • xkcd.com

Blog Archive

  • ►  2013 (1)
    • ►  March (1)
  • ►  2011 (23)
    • ►  November (1)
    • ►  October (4)
    • ►  September (5)
    • ►  April (4)
    • ►  March (5)
    • ►  February (3)
    • ►  January (1)
  • ▼  2010 (476)
    • ►  December (8)
    • ►  November (7)
    • ►  October (24)
    • ►  September (10)
    • ►  August (28)
    • ►  July (44)
    • ▼  June (83)
      • Nude Woman Steals Cars, Probably Not Mormon
      • Replace Your Dog With An AT-AT
      • Robert Byrd - Pork Fritter
      • Fred Thompson, Sleazy Huckster
      • Sunday Morning Coffee in the Backyard Gazebo
      • Treme - A Good Man Slips Beneath The Water
      • Lewis Black on the Oil Spill
      • Megan Fox or Naked Mannequin - You Make The Call
      • Don't Try To Win A Staring Contest With A Muppet
      • Spinach Ick
      • Bobby Jindal Confuses Invocation With Reaction
      • Chris Dodd Is Happy About Something Or Other
      • Rachel Maddow's Gulf Oil Map
      • John Lee Hooker - The Healer
      • Sam Seder Calls Bullshit on Social Security Crisis
      • The Afterlife: So Long and Thanks For All The Fish
      • Gahanna Blues
      • Joe Biden Says What We're All Thinking About Barton
      • Energy Independence? When Pigs Fly
      • Real Time Mario Soundtrack By Violin
      • Mr. President, your flowery verbiage is opaque and...
      • Political Arm Twisting
      • Father's Day Marketing
      • Ball Waxing For Charity
      • Gay Blood is Icky?
      • How To Do A Political Apology
      • Norah Jones - Are You Lonesome Tonight?
      • Comic Sans Takes A Stand
      • Obama and TV and Oil (Oh My!)
      • Pac Man vs. Mario
      • The Johnny Cash Project
      • Sarah Palin - The Olive Oyl of Energy Policy
      • Is Obama Really Cartman?
      • Bobblespeak Translation of Obama's Oil Speech
      • You Clearly Don't Understand The Point of a Penis
      • Hunting Bin Laden With A Sword
      • Digby Has A New Rule
      • KT Tunstall - Other Side of the World
      • Arizona Politician Gets Schooled
      • Jeff Beck - Drown In My Own Tears
      • Drunk Ohio Woman Poops Pants During Traffic Stop, ...
      • Boehner Flip Flops on BP Liability Cap
      • I9 Avalon Bowl Flag Football Benefit
      • Billie Holiday - The Blues Are Brewin'
      • Classic Restaurant Restroom
      • B.B. King - Key to the Highway
      • Deleted Your Facebook Account? Think Again
      • Fire Tony Hayward, BP CEO
      • Marines in Marja and the Battles to Come
      • XKCD - Phobia
      • Sharron Angle - All Fringe, All The Time
      • Stevie Ray Vaughan - The Sky is Crying
      • Adobe Flash Player Update Fixes 32 Security Flaws
      • Alfred Hitchcock's 'That's What SHE Said'
      • Hot Banker Wants To Be 'Tits on a Stick'
      • Vulnerability in Microsoft Windows Help and Suppor...
      • BP Execs Clean Up Coffee Spill
      • Fabulous Thunderbirds - Tough Enough
      • XKCD - Swimsuit Issue
      • Jon Stewart - Ass Quest
      • Primary Election Wisdom
      • John Lee Hooker - Hobo Blues
      • Microsoft Security Bulletin for June 2010 Is A Doozy
      • Teaberry Ice Cream - A Taste of Summer
      • British Shin Kicking Championship
      • Tommy Castro - Guilty of Love
      • Harvey Danger - I'm Not Sick But I'm Not Well!
      • Will Brazilian Butt Dance Give Me A Broken Beak?
      • Thea Gilmore - Old Soul
      • Roger Ebert's Essay on the Arizona School Mural
      • We, The People, Want The Keys Back
      • Critical Adobe Flaw Being Exploited in the Wild - ...
      • Dog Day Afternoon
      • John Boehner - Embarrassing Ohio Since 1990
      • The Reoccurring Prop Newspaper Gag
      • Drunk Driving in Dallas
      • Rachel Maddow's Heartfelt Oil Spill Disgust
      • Evolutionary Psychology Bingo
      • Google vs Microsoft - What's In It For You
      • Lego My Earbuds
      • Bone Eating Snot Flower Worm
      • Blogging Takes Its Toll
      • Bo Diddley - Who Do You Love?
    • ►  May (147)
    • ►  April (125)
Powered by Blogger.

About Me

Unknown
View my complete profile