A high-risk vulnerability has been detected in Microsoft Corp. systems,which could be exploited to spread a new virus or worm, according to a Symantec Corp. advisory issued this week.
Symantec warned users to patch their machines immediately to avoid any adverse effects. The patch can be downloaded from the Microsoft site at http://www.microsoft.com/security/security_bulletins/200405_windows.asp. Symantec analysts have rated this vulnerability as a high risk, due to the impact if the vulnerability was successfully exploited.
The vulnerability is in the Help and Support Center (HSC) of Microsoft Windows, which is a feature in Windows that provides help on a variety of topics, such as downloading software updates. If exploited, the HSC vulnerability could allow remote code execution, allowing an attacker to gain complete control of an affected system. This would allow the attacker the ability to install programs, view or change information, or create new accounts with full privileges. Windows operating systems that are affected include Microsoft XP and Microsoft Server 2003.
Users are encouraged to apply the security patch for the HSC vulnerability as soon as possible. Symantec reminds users that it is important to exercise caution when browsing the Internet, and when reading e-mail. The success of recent e-mail and Web-based threats, such as the NetSky and Bagle variants, reinforce the importance of validating content received from outside parties. Symantec cautions users to be suspicious of actions that they are asked to perform by unknown parties.