Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Investigating a new win32hlp and Internet Explorer issu

28 Feb 2010   #1
SGT Oddball

 
Investigating a new win32hlp and Internet Explorer issu

Quote:
Hi everyone,

On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue.

The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system. To help customers better understand unsafe file types, we have published a white paper on the topic which you can find by clicking this link.

Once we have completed our investigation, we will take appropriate action to protect customers. To minimize risk to computer users, Microsoft continues to encourage responsible disclosure. Reporting vulnerabilities directly to vendors without further disclosure helps ensure that customers receive comprehensive, high-quality updates before cyber criminals learn of – and work to exploit – a vulnerability. Responsible disclosure protects the computer ecosystem and individual computer users from harm.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country.  Those in the United States can contact Customer Service and Support at no charge (for computer security related issues) using the PC Safety hotline at 1-866-727-2338 (PCSAFETY). Customers outside of the United States can visit http://support.microsoft.com/international to find local support information.

We continue to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at: www.microsoft.com/protect.

We will provide more information on this issue as it becomes available.

Thanks,

Jerry Bryant
Sr. Security Communications Manager Lead

*This posting is provided "AS IS" with no warranties, and confers no rights.*

More...


My System SpecsSystem Spec
.

01 Mar 2010   #2
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

Could be this related in my previous thread? :

Script Attack while browsing DeviantArt

"...The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system..."
My System SpecsSystem Spec
Reply

 Investigating a new win32hlp and Internet Explorer issu




Thread Tools





Similar help and support threads
Thread Forum
Oracle investigating after two more Java 7 zero-day flaws found
Oh geeez...it's never going to end is it?:sarc: Oracle investigating after two more Java 7 zero-day flaws found | ZDNet
Security News
Microsoft Still Investigating Old IE Bug
Details...
News
Investigating Themes & Selected Items Color
All I want to achieve is a solid color behind selected items, like XP's blue instead of Vista/7's transparent sky-blue, in an aero environment. http://i23.photobucket.com/albums/b365/lilsting10/image1.png By using the "ultimate theme patcher" software to patch 3 system files...
Themes and Styles
Microsoft investigating battery problems
Apparently Microsoft is investigating battery issues with Windows 7. Cnet news is reporting that Microsoft is investigating an issue that arises where the OS will display a warning message to replace the battery, reporting it as faulty. Microsoft says it is looking into a problem that...
News
Microsoft investigating new IE browser vulnerability
Full story: Microsoft investigating new IE browser vulnerability | Zero Day | ZDNet.com
News
Pioneer DVR K06 MISSING in Windows 7 (possible DMA issu
Greetings to everyone I’ve been experiencing issues with my Pioneer DVR K06 slim DVDRW drive that is connected to my HTPC. Being a slim laptop drive I have attached a sata adapter which is detected in the bios, and allows me to boot from the disc, but when booting into Windows 7 x86 & the drive...
Hardware & Devices

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 08:31.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App