Under the miniscule prism

Microsoft Security Advisory (2219475)

Vulnerability in Help Center could allow remote code execution
 
For the Microsoft Knowledge Base article on this issue and a FixIt solution, follow this link: http://support.microsoft.com/kb/2219475
 
FAQ snippet for this Advisory:
 
What is the scope of the advisory? 
Microsoft is aware of a new vulnerability report affecting the Windows Help and Support Center function, a component of Microsoft Windows. This affects the operating systems listed in the Affected Software section.
 
Is this a security vulnerability that requires Microsoft to issue a security update? 
Microsoft is currently working to develop a security update for Windows to address this vulnerability. Microsoft will release the security update once it has reached an appropriate level of quality for broad distribution.
 
What is the Help and Support Center? 
Help and Support Center (HSC) is a feature in Windows that provides help on a variety of topics. For instance, HSC enables users to learn about Windows features, download and install software updates, determine whether a particular hardware device is compatible with Windows, get assistance from Microsoft, and so forth. Users and programs can execute URL links to Help and Support Center by using the "hcp://" prefix in a URL link instead of "http://".
 
What is the HCP Protocol? 
Similar to the HTTP protocol which is used to execute URL links to open a Web browser, the HCP protocol can be used to execute URL links to open the Help and Support Center feature.
 
Are third-party applications affected by this issue? 
Yes. Third-party applications, primarily Web browsers, are affected by this issue if they are capable of handling the HCP protocol.
 
What causes this threat? 
The Windows Help and Support Center does not properly validate URLs when using the HCP Protocol.
 
What might an attacker use this vulnerability to do? 
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
 
How could an attacker exploit the vulnerability? 
An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through a Web browser and then convince a user to view the Web site. This can also include compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker’s Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.
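
A defensive check for the delivery path described in the FAQ above, as an added example that is not part of the advisory or of any Microsoft code: a Python scanner that a mail or web gateway could run over HTML to flag references to the hcp scheme. The function names, the normalisation rules and the sample page are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser

_LEADING = "".join(chr(c) for c in range(0x21))  # C0 controls and space
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):")
_META_URL = re.compile(r"url\s*=\s*['\"]?(.*)", re.I | re.S)

def url_scheme(value):
    # Browsers drop tab/CR/LF in a URL and ignore leading controls/spaces.
    cleaned = re.sub(r"[\t\r\n]", "", value).lstrip(_LEADING).lower()
    match = _SCHEME.match(cleaned)
    return match.group(1) if match else None

class HCPFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits, self._in_script = [], False  # hits: (line, tag, attribute)

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        for name, value in attrs:  # entities are already decoded by the parser
            if tag == "meta" and name == "content":
                m = _META_URL.search(value or "")  # refresh: "0; url=..."
                value = m.group(1) if m else ""
            if value and url_scheme(value) == "hcp":
                self.hits.append((self.getpos()[0], tag, name))

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        # Script bodies are not URL attributes, so search them literally.
        if self._in_script and re.search(r"hcp://", data, re.I):
            self.hits.append((self.getpos()[0], "script", "#text"))

def find_hcp_references(html_text):
    finder = HCPFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits

# Constructed sample page; the hcp:// targets are placeholders.
SAMPLE = """<html><body>
<a href="https://example.com/help">ordinary link</a>
<iframe src="HCP://placeholder/constructed"></iframe>
<a href="&#104;cp://placeholder/constructed">entity-encoded scheme</a>
<meta http-equiv="refresh" content="0; url=hcp://placeholder/constructed">
<script>location = "hcp://placeholder/constructed";</script>
</body></html>"""
```

Calling find_hcp_references(SAMPLE) reports the iframe, the entity-encoded link, the meta refresh and the script body, and leaves the ordinary https link alone.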
 