Serious Security Vulnerability Found in Windows XP
By Stuart J. Johnston
June 14, 2010
Despite its age, Windows XP remains the most popular version of Windows. Unfortunately, it lacks the security most enterprises need, leaving too many users in a precarious position when a serious security vulnerability pops up. eSecurity Planet reports on this latest Security Advisory from Microsoft.
Microsoft issued a Security Advisory Thursday afternoon to warn Windows XP users of a serious security threat caused by the disclosure of a previously unknown flaw in the system's Help and Support Center.

The flaw was revealed Wednesday night, along with a working exploit showing how to take advantage of it, by Google security researcher Tavis Ormandy, who is no stranger to Microsoft's security team. In January, he revealed a 17-year-old security flaw that he found in virtually all versions of Windows.

Ormandy's latest discovery works by launching XP's Help and Support Center through a special communications protocol (hcp://) instead of a hypertext transfer (http://) call. That can be used to launch a cross-site scripting attack, with the ultimate result of taking over the user's system just by visiting a page that's booby-trapped with a malicious link.

"The HCP protocol can be used to execute URL links to open the Help and Support Center feature," the advisory said. The problem comes from the fact that the Help and Support Center does not correctly validate URLs if they're sent using the HCP protocol.

Read the rest of "Microsoft Warns of Security Flaw in Windows XP" at eSecurity Planet.