Thursday, June 10, 2010

Microsoft Security Advisory (2219475)

Microsoft released Security Advisory 2219475, addressing a vulnerability in the Windows Help and Support Center function in Windows XP and Windows Server 2003. One of Google’s security researchers publicly released vulnerability details as well as a working exploit for the vulnerability. Microsoft is not aware of any active attacks at this time.

Because Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 do not include the Help and Support Center application, they are not vulnerable to this issue or at risk of attack.

Important Note from the Security Research & Defense Team:
"The full-disclosure advisory included a hotfix tool built by the Google security researcher. Unfortunately it is ineffective at preventing the vulnerable code from being reached and can be easily bypassed. We recommend not counting on the Google hotfix tool for protection from the issue."
For an effective workaround, please see the information provided in Microsoft Security Advisory (2219475).


Affected Software
  • Windows XP Service Pack 2 and Windows XP Service Pack 3
  • Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 with SP2 for Itanium-based Systems


References:
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information,


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: