Because Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 do not include the Help and Support Center application, they are not vulnerable to this issue or at risk of attack.
Important Note from the Security Research & Defense Team:
"The full-disclosure advisory included a hotfix tool built by the Google security researcher. Unfortunately it is ineffective at preventing the vulnerable code from being reached and can be easily bypassed. We recommend not counting on the Google hotfix tool for protection from the issue."For an effective workaround, please see the information provided in Microsoft Security Advisory (2219475).
Affected Software
- Windows XP Service Pack 2 and Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
References:
- MSRC Blog: Security Advisory 2219475 Released - The Microsoft Security Response Center
- Security Research & Defense: Help and Support Center vulnerability full-disclosure posting
- TechNet: Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
Clubhouse Tags: Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information,
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.