Tuesday May 11
Microsoft issued information on a new product vulnerability
Symantec Security Response and Symantec DeepSight Vulnerability analysts have rated this vulnerability as a high risk
due to the impact if the vulnerability was successfully exploited.
The Help and Support Center (HSC) of Microsoft Windows is a feature in Windows that provides help on a variety of topics
such as downloading software updates, etc. If exploited, the HSC vulnerability could allow remote code execution,
allowing an attacker to gain complete control of an affected system. This would allow the attacker the ability to
install programs, view or change information, or create new accounts with full privileges. Windows operating systems
that are affected include Microsoft XP and Microsoft Server 2003.
This vulnerability exists because of the way the HSC handles HCP URL validation. (HCP URL is another type of content
that is loaded into a browser, similar to HTTP.) There are a number of steps the user would have to follow in order for
the system to be compromised. An attacker would have to host a Web site that contains a Web page that is used to exploit
this vulnerability. The attacker would also have to use social engineering to persuade the user to visit the Web site
and perform several actions.
Users are encouraged to apply the security patch for the HSC vulnerability as soon as possible. Symantec reminds users
that it is important to exercise caution when browsing the Internet, and when reading email. The success of recent email
and web-based threats such as the Netsky and Bagle variants reinforce the importance of validating content received from
outside parties. Symantec cautions users to be suspicious of actions that they are asked to perform by unknown parties.
"Symantec urges computer users to always keep their systems up to date, no matter how severe the vulnerability," said
Alfred Huger, senior director, Symantec Security Response. "Also, because hackers and virus writers are getting more
sophisticated in the use of social engineering, users need to exercise great caution when clicking on links and visiting
unfamiliar websites."
In addition, Symantec strongly advises Windows users to apply the security patch for the Local Security Authority
Subsystem Service (LSASS) Vulnerability, announced on April 13 in the MS Security Bulletin MS04-011. This vulnerability
still poses a significant threat and users should take immediate steps to ensure their systems are protected. Additional
information can be found at http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
ENDS