Microsoft Announces Patch for “Help Flaw” Security Hole   1/11/2005 - 953 views, 1 Comment

Summary: Not a moment too soon, Microsoft has announced a fix for that pesky "help flaw" involving ActiveX which Aunty first reported on here and again here just yesterday. Making this flaw even more devestating than some others is the fact that it affects so ...

Previous Article « New Spam Tactic Wreaks Havoc with DNS
Read Next Article » Two More Windows Patches from Microsoft


Not a moment too soon, Microsoft has announced a fix for that pesky “help flaw” involving ActiveX which Aunty first reported on here and again here just yesterday.

Making this flaw even more devestating than some others is the fact that it affects so many flavours of Windows, including version of 98, 98 SE, XP, ME, 2000, and Windows Server.

Worse, this is one of the security holes for which the “how to exploit it” instructions were posted on at least one, maybe two or more websites, making the need for a fix extra-critical. Indeed, security companies were recommending that users disable Active X until a fix was offered.

Well, the fix is now being offered by Microsoft, who says of this particular flaw and fix:

“A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. This vulnerability is documented in the Vulnerability Details section of this bulletin.

If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system could be less impacted than users who operate with administrative privileges.

We recommend that customers install the update immediately.”

Aunty recommends so too, and you can get the patch here.

Get FREE email alerts of new Internet Patrol stories!
    *We never share your email address with anyone

Email Address:
Date of first visit:
How you found us:

Subscribe to The Internet Patrol on your cell phone    Email the link for this page to a friend!

Read more:

»  Windows ActiveX Flaw Still Active After Patch

»  New Critical Internet Explorer (IE) Flaw Involves Msdds.dll

»  Two More Windows Patches from Microsoft

»  Microsoft WMF Patch for Windows Metafile (WMF) Issue Released Early - Get It Now!

For additional similar stories check out our archives on Everything Else, Hacking, Security, Windows

 

1 Comment »

  1. Microsoft Announces Patch for “Help Flaw” Security Hole
    Not a moment too soon, Microsoft has announced a fix for that pesky “help flaw” involving ActiveX which Aunty first reported on here and again here just yesterday. Making this flaw even more devestating than some others is the…

    Trackback by Lockergnome's Windows Fanatics — 1/11/2005 @ 12:33 pm

RSS feed for comments on this post.

Leave a comment

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!

If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.

Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

(required)

(required)


We apologize for having to ask you to enter the letters and numbers you see in the image above to validate your comment, but we are being attacked by thousands of comment form spams every day!

 
The Internet Patrol
Patrolling the Internet for You!