Saturday, 12 June 2010

New Windows XP security issue - fix for non-geeks

For those with Windows XP or Windows Server 2003, there's a recently discovered security issue involving Windows Help and Support Center which could allow bad hackers to take over your computer. For this one, though, you're OK if you're on Vista or Windows 7.

Microsoft said "This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message." (See also this Microsoft blog post.)

How to fix the vulnerability

This zero-day vulnerability doesn't seem to have been exploited yet, but for non-technical readers, the easiest way to protect your computer is to use this automated hotfix from Microsoft (direct link). That page also contains a link to undo or disable the fix as and when a permanent security update is produced and rolled out by Microsoft.

It's more of a workaround than a fix, and be warned that applying it may block innocuous activity, e.g. some of your Control Panel links may stop working. (You could undo the fix temporarily, then re-enable it when you're done, perhaps!)

Incidentally, the way this issue was reported by a Google security researcher (full details were published before a fix was found) has raised some hackles at Microsoft in relation to "responsible disclosure" of security vulnerabilities.
