Main » 2010»June»20 » Windowsokat should be updated, because the attackers are now swing into action
4:30 PM
Windowsokat should be updated, because the attackers are now swing into action
You're
a zero-day exploit in the buherablog described as follows: "The problem
is Windows Help Center protokollkezelőjében HCP is one of the converter
is caused by improper use of the function, which allows for XSS from
the controller's display page. The trouble is that the HCP documents via their trusted zone run, so code execution is possible by using JavaScript. This
problem makes it difficult to use a simple hcp: / / link is displayed
in the applications using protokollkezelőt ask the user for
confirmation to proceed, but this protective function can be avoided:
If an Advanced Stream Redirector (ASX - this format by default, Windows
Media Player
handles) files HtmlView parameters of a web site we give an IFRAME
embedded in a hcp: / / reference on the screen, do not get a warning. "
The
polemics, however, not risen due to its vulnerability, but that Ormandy
five days after it has notified Microsoft about this, on June 10
unveiled a detailed description, thus giving the opportunity for
malicious attackers to take advantage. Microsoft
security experts and some scolding words to defend himself against a
Google engineer that Microsoft has promised a fix within 60 days, but
that he is unacceptable.
Although
several systems are involved in the vulnerability, security companies
and Microsoft also stated that over the past few days, the Windows XP-M
against the attacks were launched.
The
Microsoft hotfix is now available on the company side, where the list
can be seen, the precise Windowsokat update is necessary.
