http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=225800088

By Tim Wilson
DarkReading
July 13, 2010

Microsoft today patched four security vulnerabilities in the Windows environment -- three of them considered critical -- and experts say one of the flaws is already being exploited.

Researchers have already reported the vulnerability in the Windows Help and Support Center feature that comes with Windows XP and Windows Server 2003. Experts say at least three exploits of this flaw have already been spotted in the wild.

"This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message," Microsoft says. "The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message."

Microsoft also issued a patch for another previously disclosed vulnerability, this one in the Canonical Display Driver (cdd.dll).

"Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization," Microsoft says. "In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart."

[...]

Received on Wed Jul 14 2010 - 00:07:07 PDT