From: InfoSec News (alertsinfosecnews.org)
Date: Wed Jul 14 2010 - 02:07:07 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=225800088

By Tim Wilson
DarkReading
July 13, 2010

Microsoft today patched four security vulnerabilities in the Windows
environment -- three of them considered critical -- and experts say one
of the flaws is already being exploited.

Researchers have already reported the vulnerability in the Windows Help
and Support Center feature that comes with Windows XP and Windows Server
2003. Experts say at least three exploits of this flaw have already been
spotted in the wild.

"This vulnerability could allow remote code execution if a user views a
specially crafted Web page using a Web browser or clicks a specially
crafted link in an e-mail message," Microsoft says. "The vulnerability
cannot be exploited automatically through e-mail. For an attack to be
successful, a user must click a link listed within an e-mail message."

Microsoft also issued a patch for another previously disclosed
vulnerability, this one in the Canonical Display Driver (cdd.dll).
"Although it is possible that the vulnerability could allow code
execution, successful code execution is unlikely due to memory
randomization," Microsoft says. "In most scenarios, it is much more
likely that an attacker who successfully exploited this vulnerability
could cause the affected system to stop responding and automatically
restart."

[...]

_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]