Windows Help Vulnerability

By /

Several web sites have been reporting a security vulnerability in Windows XP and Server 2003 based on the the way Microsoft Help Center handles escape sequences. The technical details are described here:

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html 

Word from the Microsoft Security Response Center (MSRC) is that the vulnerability has not been exploited “in the wild” but proof of concept code has been publicly published. Vista, Windows 7 and Server 2008/2008 R2 are not at risk. Mitigating factors and workarounds are described in Microsoft Security Advisory 2219475:

http://www.microsoft.com/technet/security/advisory/2219475.mspx 

Meanwhile, the Google engineer who made details of the vulnerability and how to exploit it public only five days after informing Microsoft, and before they had a chance to issue a patch, has been criticized in several circles:

http://news.cnet.com/8301-27080_3-20007421-245.html?part=rss&subj=news&tag=2547-1_3-0-20

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top