Today’s Patch Tuesday highlights Windows Help and Support Center can be a popular source of vulnerabilities

Posted on July 13, 2010 by Wedge Chief Scientist
No Gravatar

Today’s Patch Tuesday marks two key events – the first, and for the first time Microsoft is able to provide a 33 day turn around patch to a zero-day attack.  And the second, is how protocol handlers can be a popular source of vulnerabilities.

This zero-day vulnerability was discovered by Google’s Zurich-based researcher Travis Ormandy and is common in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003.

For those technically inclined, you can read more about today’s Microsoft Patch Tuesday patches at the end of the message courtesy of Ryan Naraine here.  But for those of who you who want to quickly appreciate this vulnerability and to give you a feel for how serious this zero day attack is, in the address bar of your “Internet Explorer” browser, type in this command:

hcp://system/sysinfo/sysinfomain.htm?svr=<h1>test</h1>

You should find your browser prompting you to save a ‘file’ but in effect, invoking the Windows Help and Support Center.  In his posting Travis goes further to provide a script through which this exploit can be utilized to completely take over your Windows Server and you can read about it here.

This provides yet another case for why network based deep content malware inspection is required.  BeSecure Administrators can simply add a simple Regular Expression that blocks ‘hcp://” invocations.

About Wedge Chief Scientist

Husam Kinawi, Chief Scientist Dr. Kinawi has a PhD and MSc in Computer Science from the Universities of Calgary, Canada and London, UK. In 1997, he co-founded Mpower Technologies Inc., a wireless telecommunications software company. In 1999, Dr. Kinawi co-founded ActiveIq.com (NASDAQ: AIQT), a Boston-based e-Business applications firm. Dr. Kinawi has over seventeen years of research and development experience working with industry leaders such as Newbridge (Alcatel), Siemens, United Technologies, and Apple in the areas of distributed information systems, embedded applications and wireless Internet solutions. Dr. Kinawi has also spoken at several major conferences, published several research papers, and is the holder of several patents in the area of mobile and wireless devices.
This entry was posted in Latest Security News. Bookmark the permalink.

2 Responses to Today’s Patch Tuesday highlights Windows Help and Support Center can be a popular source of vulnerabilities

  1. Pingback: Tweets that mention Today’s Patch Tuesday highlights Windows Help and Support Center can be a popular source of vulnerabilities | -- Topsy.com

  2. Belsey 120No Gravatar says:
    January 26, 2011 at 9:48 AM

    Undoubtedly, one of the best article l have come across on this precious topic. I quite agree with your conclusions and will eagerly look forward to your coming updates.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Before you submit form:
Human test by Not Captcha