Microsoft Security Advisory (2219475)

ronjor · Jun 10, 2010

Published: June 10, 2010

Version: 1.0
General Information
Executive Summary

Microsoft is investigating new public reports of a possible vulnerability in the Windows Help and Support Center function that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. Microsoft is aware that proof of concept exploit code has been published for the vulnerability. However, Microsoft is not currently aware of active attacks that use this exploit code or of customer impact at this time. Microsoft is actively monitoring this situation to keep customers informed and to provide customer guidance as necessary.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Click to expand...

Microsoft

ronjor · Jun 11, 2010

Help and Support Center vulnerability full-disclosure posting
swiblog
10 Jun 2010 2:14 PM

Yesterday evening, one of Google’s security researchers publicly released vulnerability details and a working exploit for an unpatched vulnerability in Windows XP and Windows Server 2003. This afternoon, we’ve released security advisory 2219475 with official guidance. We’d like to use this blog entry to share more details about the issue and ways you can protect yourself.
Click to expand...

Microsoft

Cudni · Jun 11, 2010

what a stupid thing to do and endanger XP users. Scoring points while being detrimental to public at large.

elapsed · Jun 11, 2010

Sanctioned by Google? I wonder. They are starting to jab at each other more and more.

ronjor · Jun 15, 2010

We are aware of limited exploits against the Win Help issue. XP users, apply the FixIt in Security Advisory 2219475
Click to expand...

Microsoft via Twitter

JRViejo · Jun 16, 2010

Hackers are now exploiting the zero-day Windows vulnerability that a Google engineer took public last week, Microsoft confirmed today.

Although Microsoft did not share details of the attack, other researchers filled in the blanks.

A compromised Web site is serving an exploit of the bug in Windows' Help and Support Center to hijack PCs running Windows XP, said Graham Cluley, a senior technology consultant at antivirus vendor Sophos. Cluley declined to identify the site, saying only that it was dedicated to open-source software.

"It's a classic drive-by attack," said Cluley, referring to an attack that infects a PC when its user simply visits a malicious or compromised site. The tactic was one of two that Microsoft said last week were the likely attack avenues. The other: Convincing users to open malicious e-mail messages.
Click to expand...

Hackers exploit Windows XP zero-day, Microsoft confirms By Gregg Keizer.

elapsed · Jun 16, 2010

Well done Google...

noway · Jun 18, 2010

If I was getting sick of these Help and Support Center vulnerabilities from cropping up every year or two, would it be sufficient to just disable the Help and Support Service itself for good? I don't think I've ever used it anyway.

JRViejo · Jun 18, 2010

noway, perhaps a better way (no pun intended) would be to set the service to manual instead of disable. Read BlackViper's Help and Support Win XP SP3 page.

siljaline · Jun 18, 2010

The MS Fix It solution as detailed earlier in the thread by Ron is here
http://support.microsoft.com/kb/2219475

JRViejo · Jun 30, 2010

Nearly a month after a Google engineer released details of a new Windows XP flaw, criminals have dramatically ramped up online attacks that leverage the bug.

Microsoft reported Wednesday that it has now logged more than 10,000 attacks. "At first, we only saw legitimate researchers testing innocuous proof-of-concepts. Then, early on June 15th, the first real public exploits emerged," Microsoft said in a blog posting. "Those initial exploits were targeted and fairly limited. In the past week, however, attacks have picked up."

The attacks, which are being launched from malicious Web pages, are concentrated in the U.S., Russia, Portugal, Germany and Brazil, Microsoft said.
Click to expand...

Microsoft: 10,000 PCs hit with new XP 0day attack by Robert McMillan

siljaline · Jun 30, 2010

Same | similar at The Register JR !

Nasty stuff, expect an out-of-cycle KB fix from MS on this one.

There is some interesting reading at above link.

Thanks !

wat0114 · Jun 30, 2010

Mitigating Factors

The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must click a link listed within an e-mail message.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

It seems drive-by infections are probably the biggest concern, although running limited should help a great deal.

Page42 · Jul 1, 2010

siljaline said:

The MS Fix It solution as detailed earlier in the thread by Ron is here
http://support.microsoft.com/kb/2219475
Click to expand...

Very easily applied fix, indeed.
I applied the MS Fix It solution, though I had to drop my browser's Run Safer setting in OA in order to grant myself admin rights to apply it.
I appreciate this thread and the useful info. Thanks, fellas.

Log in or Sign up

Microsoft Security Advisory (2219475)

ronjor Global Moderator

ronjor Global Moderator

Cudni Global Moderator

elapsed Registered Member

ronjor Global Moderator

JRViejo Super Moderator

elapsed Registered Member

noway Registered Member

JRViejo Super Moderator

siljaline Registered Member

JRViejo Super Moderator

siljaline Registered Member

wat0114 Guest

Page42 Registered Member

Log in or Sign up

Microsoft Security Advisory (2219475)

ronjor Global Moderator

ronjor Global Moderator

Cudni Global Moderator

elapsed Registered Member

ronjor Global Moderator

JRViejo Super Moderator

elapsed Registered Member

noway Registered Member

JRViejo Super Moderator

siljaline Registered Member

JRViejo Super Moderator

siljaline Registered Member

wat0114 Guest

Page42 Registered Member

Useful Searches