Feeds

back to article Bug gives attackers complete control of Windows PCs

A security researcher has warned of a vulnerability in older versions of the Windows operating system that allows attackers to take full control of a PC by luring its user to a booby-trapped website. The flaw resides in the Windows Help and Support Center, a feature that provides users with online technical support. Malicious …

COMMENTS

This topic is closed for new posts.

Did I wake-up in 2003 again?

This will surely be an interesting one, as it develops. I haven't looked at what the remote ass. functionality allows; it is interesting that it's exploitable, yet, somehow, not surprising. A solid combination of techniques, as with many attacks lately. These folks should be hired for remote system admin, "Vhat, domain admin? Nyet, we no needink."

BTW, I love any article that mentions booby-trapped anything. Trapped, by boobies... I'll be back in ten, mind my system, kthx...

2
0
Thumb Up

Title

I bow down to your post !!

is one of the best i have seen :)

0
0
Bronze badge

Ah, I'm probably safe then.

And people call me an idiot for disabling both IE, *and* WMP.

1
0
Joke

Security minded

But you did not disable Windows? Idiot!

2
0
Silver badge

Now that's nasty

If the commands are embedded in the URL and Windows responds to them not even NoScript will save your arse. FF users beware!

0
1
Anonymous Coward

wtf?

"The attack works against most major browsers, including Internet Explorer 8 if the Windows Media Player is available."

Why does the otherwise completely unrelated media player have anything to do with this attack?

Just goes to show how closely the hill-billies at Microsoft like to tie their software together whether it makes sense to do so or not.

1
0
Silver badge

unrelated

Because WMP relies on a COM interface plug-in that boosts its own permission level.

0
0
FAIL

Yawn...

And this is news? how exactly?

I thought everyone knew that the biggest risk to IT security comes pre installed.

Yawn...

3
0
Anonymous Coward

RE: Yawn...

It only comes pre-installed if the OS box says "Windows" on the side.

1
0
Anonymous Coward

RE:RE:Yawn...

Nope I stand by what I said. with one little caveat. Im talking about generic retail products, like you'd buy from a highstreet store. I do understand you can buy proper computers from the shady hidden backstreet channels.

as for the generics 90% are 'infected' (as you state with windows) but 10% won't allow you any control over anything! because you are not grown up enough to look at boobies. There is most Definatly NOT an App for that! oh and that joke about the flasher and the nun, you know, one had a stroke and the other couldn't reach, well nope no flash either, poor nuns... oh and don't bother trying to run a marketing department because now advertising is all screwed too. In fact sod what you want to do! these devices might look shiny shiny bling bling, but in reality are just part of big stevies botnet... awaiting the next dictat from GOD@Apple.eden (Yes that really is an upper case email address but shhh dont tell anyone!)

0
0
Linux

One day they will wake from the Matrix

So is there (or ever has been) a Linux equivalent to this bug ?

Again just by visiting a webpage your Windows desktop can be put at the complete control of some scum.

Looks like google's move to ban windows is making more sense every day.

Neo wake up !

3
2
Silver badge
Gates Halo

Please...

Go away...

0
5

Thanks, MS

That's very helpful. This is the most useful thing Windows Help has done since letting you walk past the login screen into a command prompt.

4
0
Anonymous Coward

RE: Thanks, MS

"This is the most useful thing Windows Help has done since letting you walk past the login screen into a command prompt."

Sorry but you're completely right. Has anyone ever got any useful information from Windows Help?

2
0
Anonymous Coward

most useful part of Windows help

is where they ask "was this helpful?" and you can click No.

0
0

Fix

So... to help us poor noobs...

How exactly would one disable this service, and what are the ramifications of doing so?

I use VLC, so hopefully I won't miss this?

0
0
Silver badge

Stick with VCL

And turn off "Remote Help & Support".

0
0
Happy

Fix - @Jason Hall

While I don't know if it's an absolute "fix" or not*, disabling the Remote Assistance component certainly cannot hurt anything (unless of course you depend on this service):

Right click My Computer (on start menu or desktop) > Properties > Remote tab > uncheck "Allow remote assistance invitations to be sent from this computer" and (if on XP Pro) "Allow users to connect remotely to this computer".

The topmost choice is checked by default. (You'd think they'd learn, this is not the first time.)

The services themselves (services.msc console > Terminal Services) can be disabled to keep them from ever starting. That should also help to mitigate the attack.

If you have to use Terminal Services/Remote Desktop over an untrusted network, or you operate one that must face the public Internet for some reason, you'll do very well to also follow the advice presented at http://www.mobydisk.com/techres/securing_remote_desktop.html .

By default, Windows lets the system administrator account have access to the Remote Desktop/Terminal Services service and you have to deliberately stop it.

Versions of Windows for Desktop users (not servers) prior to XP don't have the Terminal Services/remote assistance component built in, nor do they have a help center service.

* that means I disclaim any and all liability, have not exhaustively tested this, I mean well but can't be sure and that if it doesn't work, I have never heard of you. Furthermore, users trying this may experience headaches, spontaneous human combustion, disappearance of their computer into a black hole, printer fires and/or telemarketing. IOW, proceed at your own risk!

1
0
Boffin

too abrupt?

http://www.lmgtfy.com/?q=how+to+install+linux

(No seriously if your a noob to PC's consider being a noob to something else, instead of investing thousands of hours into one dodgy system.)

1
0
Linux

@Jason

Right click My Computer, Properties, Remote tab. Turn off the two checkboxes.

If you want to be doubly sure, right click My Computer, Manage, Services, disable the Remote Desktop service.

Or, don't visit the booby-trapped website :-)

0
0
Linux

Re : too abrupt?

You are completely right.

I have 'rescued' various couples/friends Windows PC's that were riddled with virus/spyware to the point of being unusable by installing Linux - these people are not really computer literate in any way and didn't really understand Windows therefore I thought they would be perfect people to run Linux.

In every single case they have had absolutely 0 problems (i used to get called frequently when they ran windows...)

My mate's girlfriend even managed to Upgrade their Ubuntu version by accident - she thought she was doing a normal update - it was a complete successful upgrade (imagine the same thing happening with windows - i,e someone accidentally upgrading Windows XP -> Vista - and it being a complete success,...)

3
0
Gold badge

Linux isn't what it used to be...

and Ubuntu in particular. Expanding a bit on what yossarianuk commented on... I have some Ubuntu and some gentoo boxes and used to run slackware, I've been using Linux since 1993. As recently as 2007, I would recommend Linux just to technical users, it was much *better* than Windows but I would not say it was easier.. Ubuntu 7.10 (October 2007) was close. By Ubuntu 8.04 I found most things could be done strictly via the GUI, and I recommended it to people. Each release since has gotten "slicker" and easier to use while retaining the speed and power. The recently released Ubuntu 10.04 is VERY nice, and I've found a GUI method to do everything I've looked for so far, I would say it is easily easier than Windows to use now.

2
0
This topic is closed for new posts.