Saw this earlier on Patch Management...any word yet on workaround/mitigation to keep us sane until the inevitable OOB patch comes around?
On 10 June 2010 12:00, Ziots, Edward <[email protected]> wrote:
> http://www.theregister.co.uk/2010/06/10/windows_help_bug/
> http://seclists.org/fulldisclosure/2010/Jun/205
>
> Looks like a combination of XSS, and invoking the hcp protocol for help and
> support center to execute commands in the context of the logged on user.
>
> PS: Mad Props to Susan Bradley on the Patch Management list for putting
> this out....
>
> Z
>
> Edward Ziots
> CISSP,MCSA,MCP+I,Security +,Network +,CCA
> Network Engineer
> Lifespan Organization
> 401-639-3505
> [email protected]
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

--
"On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question."
