Windows Support Center patch due Tuesday
Microsoft has confirmed that this Tuesday, July 13th, it is planning to release a patch to fix the security vulnerability in its Help and Support Center. It's reported that the vulnerability is already being actively exploited by criminals to infect PCs. Infection merely requires a user to visit a specially crafted web page – many such web pages are present on ordinary websites which have been hacked. The main target at the moment is Windows XP, as the in-the-wild exploit does not yet work on other versions of Windows.
Microsoft is also planning to fix a two-month-old bug relating to Aero and display drivers used in the 64-bit version of Windows 7 and Server 2008. By displaying specially crafted images, an attacker could compromise a victim's system, although Microsoft has yet to fully explain the specifics of how the vulnerability might be exploited. Additionally, there are two updates to fix critical vulnerabilities in Office.
Support for all Windows 2000 products and for Windows XP SP2 also ends this month. There will then be no further patches and even critical security vulnerabilities will remain unfixed. The knowledge base will, however, still be maintained as a free online self-help resource.
- Microsoft vulnerabilities: full disclosure and no disclosure, a report from The H.
- Trojan attacks now almost solely from legitimate websites, a report from The H.