IT Management Daily
Storage Daily
Security Daily

follow us on Twitter

Be a Commerce Partner

Internet News
Small Business
Personal Technology

Corporate Info
Tech Jobs
E-mail Offers

Related Articles
The New Business of Security -- Metrics That Matter
One-Time Passwords via Mobile Phone -- Sound Security Practice or Pain in the Neck?
Virtualize Your Way to a More Secure Desktop

Security Products
 FB Limiter (AxiomCoders)
 Keylogger Free Download (Free keylogger download)
 Software Keylogger (Software keyloggers)
 Facebook Password Recovery (XaviWare Software Ltda.)
 BlockAllow (BlockAllow)
 AW GoOn (AtelierWeb Software)
» Enterprise IT Planet » Security » Security News

Serious Security Vulnerability in Found Windows XP

By Stuart J. Johnston
June 14, 2010

Email Print Digg This Add to

Despite its age, Windows XP remains the most popular version of Windows. Unfortunately, it lacks the security most enterprises need, leaving too many users in a precarious position when a serious security vulnerability pops up. eSecurity Planet reports on this latest Security Advisory from Microsoft.

Microsoft issued a Security Advisory Thursday afternoon to warn Windows XP users of a serious threat to security caused by the disclosure of a previously unknown flaw in the system's Help and Support Center.

The flaw was revealed Wednesday night, along with a working exploit showing how to take advantage of it, by Google security researcher Tavis Ormandy, who is no stranger to Microsoft's security team. In January, he revealed a 17-year-old security flaw that he found in virtually all versions of Windows.

Ormandy's latest discovery works by launching XP's Help and Support Center by sending it a special communications protocol (hcp://) instead of a hypertransport call (http://). That can be used to launch a cross-site scripting attack, with the ultimate result of taking over the user's system just by visiting a page that's booby-trapped with a malicious link.

"The HCP protocol can be used to execute URL links to open the Help and Support Center feature," the advisory said. The problem comes from the fact that the Help and Support Center does not correctly validate URLs if they're sent using the protocol.

Read the rest of "Microsoft Warns of Security Flaw in Windows XP" at eSecurity Planet

Follow Enterprise IT Planet on Twitter

Email Print Digg This Add to

Security News Archives
The Network for Technology Professionals



Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers