Blog | G5 Cyber Security

Googler Drops Windows Zero-Day, Microsoft Unhappy

Google security researcher Tavis Ormandy has released details of a zero-day vulnerability affecting the Microsoft Windows Help and Support Center without giving Microsoft adequate time to prepare a patch. The vulnerability, which is due to improper sanitization of hcp:// URIs may allow a remote, unauthenticated attacker to execute arbitrary commands. Microsoft is expected to issue a formal security advisory with workarounds and mitigation guidance later today. Affected Windows users can unregister the HCP protocol to protect themselves using the following steps.

Source: https://threatpost.com/googler-drops-windows-zero-day-microsoft-unhappy-061010/74093/

Exit mobile version