Network Computing is part of the Informa Tech Division of Informa PLC


Microsoft Issues Just One Patch For May: Page 2 of 3

According to Microsoft, the vulnerability stems from the way Windows' Help and Support Center handles HCP URL validation. Help and Support System is a Web-based tool that accesses Microsoft's online help files as well as local help documentation.

An attacker could exploit the vulnerability by enticing users to a specially crafted Web site or by sending malicious HTML e-mail and getting the user to click on a link embedded within the message. Once at the site, the attacker could, with some additional actions on the part of the user, manage to gain control of the compromised system, then wreak havoc by changing data, erasing files, or creating new accounts with full access privileges.

A patch to plug the gaffe can be downloaded from the Microsoft Web site or through the Windows Update service.

Microsoft also posted workarounds for the vulnerability that can be applied if patching is delayed. They include unregistering the HCP protocol (which is used to execute URL links within the Help and Support Center) by editing the Windows Registry, reading messages in plain-text format within Outlook 2002 and later and Outlook Express 6, and applying the Outlook E-mail Security Update on Outlook 2000 SP1 and earlier.

This is not the first vulnerability Microsoft has noted within the Help and Support Center. One of the critical vulnerabilities posted in April related to Windows XP's and Windows Server 2003's help system, and in October 2003, the company disclosed another.