Forum latest

  • Happy Birthday Daniel ~!
    Allan, how very cool to hear from you! I hope that it goes well for you and your fami...
  • Happy Birthday Daniel ~!
    Does "Happy belated birthday wishes" even cover this by now? :-) Not sure it does! S...
  • It's true..
    Watched "Now You See Me 2" last night. Been a while since the first one, so I'm not a...
Microsoft Patches Critical Vulnerabilities In Windows
Security
Written by Daniel   
Wednesday, 14 July 2010 18:02

From Dark Reading

Flaws in Windows Help and Support Center already seen in the wild, observers say
Microsoft today patched four security vulnerabilities in the Windows environment -- three of them considered critical -- and experts say one of the flaws is already being exploited.

Researchers have already reported the vulnerability in the Windows Help and Support Center feature that comes with Windows XP and Windows Server 2003. Experts say at least three exploits of this flaw have already been spotted in the wild.



"This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message," Microsoft says. "The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message."

Microsoft also issued a patch for another previously disclosed vulnerability, this one in the Canonical Display Driver (cdd.dll). "Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization," Microsoft says. "In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart."

Microsoft also revealed two previously undisclosed vulnerabilities in its Microsoft Office Access ActiveX Controls. "The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls," the software giant says. "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."

 

[More...] [Comments...]

 

See also

None found.


Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either