Windows Help Vulnerability

Several web sites have been reporting a security vulnerability in Windows XP and Server 2003 based on the way Microsoft Help Center handles escape sequences. The technical details are described here:

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html 

Word from the Microsoft Security Response Center (MSRC) is that the vulnerability has not been exploited “in the wild”, but proof-of-concept code has been published. Vista, Windows 7 and Server 2008/2008 R2 are not at risk. Mitigating factors and workarounds are described in Microsoft Security Advisory 2219475:

http://www.microsoft.com/technet/security/advisory/2219475.mspx 

Meanwhile, the Google engineer who made details of the vulnerability and how to exploit it public only five days after informing Microsoft, and before they had a chance to issue a patch, has been criticized in several circles:

http://news.cnet.com/8301-27080_3-20007421-245.html?part=rss&subj=news&tag=2547-1_3-0-20
