Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Security holes plague Windows Help

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Security holes plague Windows Help
Date: Tue, 14 Sep 2004 04:21:14 -0500 (CDT) 
http://www.pcworld.idg.com.au/index.php/id%3B54090879%3Bfp%3B2%3Bfpid%3B1

Stuart J. Johnston
PC World
14/09/2004 

As its name implies, the Windows HTML Help system is designed to help
PC users by providing graphics, multimedia elements, and hyperlinks to
additional information. But it turns out that attackers can use this
system to help themselves to your files, and even to take control of
your PC.

Two newly discovered security holes affect the HTML Help system and
the Task Scheduler in Windows XP and 2000. The Help security bug also
affects earlier versions of Windows, including 98, 98 SE, and Me.

Unfortunately, Microsoft has not yet finished developing patches for
the older Windows versions and can't say when they'll be ready. When
they are, the company says, users will be able to get the patches
through Windows Update. One minor blessing: The older versions of the
Windows operating system aren't susceptible to the Task Scheduler bug.  
(Task Scheduler allows users to set the times when specific jobs, such
as system maintenance programs, will run.)

Before a malevolent cracker could exploit either security flaw, you
would have to visit a Web site that hosted a malicious link, or click
a link in an HTML e-mail that took you to the attacker's site. Like
many security flaws in Microsoft products, these holes could be
exploited by sending the system faulty or excessive information,
causing the machine to malfunction. Then the attacker would transmit a
program of his or her own to take control of your PC.

Microsoft designated the holes as "critical" because a cracker's
successful assault could result in the complete takeover of your
machine: The evildoer would then have free rein to steal your personal
files or even to wipe out the contents of your hard disk.

Microsoft has now released patches for both flaws in Windows XP and
2000. If you use XP, I recommend getting Service Pack 2. Though the
company hasn't yet posted patches for Windows 98 and Me systems, it
has provided workarounds for both bugs.



_________________________________________
Donate online for the Ron Santo Walk to Cure Diabetes - 
http://www.c4i.org/ethan.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Security holes plague Windows Help, InfoSec News <=
Previous by Date:  [ISN] Virus writers look for work, InfoSec News
Next by Date:  [ISN] Virus writers add network sniffer to worm, InfoSec News
Previous by Thread:  [ISN] Virus writers look for work, InfoSec News
Next by Thread:  [ISN] Virus writers add network sniffer to worm, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]