Windows Help Vulnerability

Several web sites have been reporting a security vulnerability in Windows XP and Server 2003 based on the way Microsoft Help Center handles escape sequences. The technical details are described here: 

Word from the Microsoft Security Response Center (MSRC) is that the vulnerability has not been exploited “in the wild” but proof-of-concept code has been published. Vista, Windows 7 and Server 2008/2008 R2 are not at risk. Mitigating factors and workarounds are described in Microsoft Security Advisory 2219475: 

Meanwhile, the Google engineer who made details of the vulnerability and how to exploit it public only five days after informing Microsoft, and before they had a chance to issue a patch, has been criticized in several circles:
