Microsoft Help Centre Handling of Escape Sequences May Lead to Exploit
It appears that a problem has been discovered with Microsoft Help Centre that may lead to problems for
for those who are using it.
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html
According to the information provided by Microsoft on this issue:
"We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003.
We are not aware of any current exploitation of this issue and customers running Windows Vista,
Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this
issue, or at risk of attack."
Microsoft warns that the analysis from the original disclosure of the event is incomplete and the
workaround provided by Google is incomplete. They have made recommendations for and have
given the steps to unregister the hcp protocol to protect from exploitation. See the information for
mitigation at:
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
Deb Hale Long Lines, LLC
Comments