[ISN] Microsoft confirms critical Windows XP bug

From: InfoSec News <alerts_at_private>
Date: Mon, 14 Jun 2010 00:27:25 -0500 (CDT)
http://www.computerworld.com/s/article/9177966/Microsoft_confirms_critical_Windows_XP_bug

By Gregg Keizer
Computerworld
June 11, 2010

Microsoft on Thursday confirmed that Windows XP and Windows Server 2003 
contain an unpatched bug that could be used to infect PCs by duping 
users into visiting rigged Web sites or opening attack e-mail.

The company said it has seen no active in-the-wild attacks exploiting 
the vulnerability.

The bug in Windows' Help and Support Center -- a component that lets 
users access and download Microsoft help files from the Web -- doesn't 
properly parse the "hcp" protocol handler, Microsoft said in an advisory 
issued Thursday afternoon. Attackers can leverage the vulnerability by 
enticing users to malicious or hacked Web sites, or by convincing them 
to open malformed e-mail messages.

Windows Vista, Windows 7, Windows Server and Windows Server 2008 R2 are 
not vulnerable to the attack.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Sun Jun 13 2010 - 22:27:25 PDT

This archive was generated by hypermail 2.2.0 : Sun Jun 13 2010 - 22:31:14 PDT