Microsoft cho biet dang dieu tra them ve lo hong bao mat
tep tin Windows Help moi duoc phat hien dong thoi canh bao ma doc tan cong loi
nay da xuat hien tren Internet.
Thuc te loi nay da duoc McAfee phat hien va thong bao cho Microsoft tu ngay 11/4
cung voi 3 loi duoc xem la zero-day khac trong Office. Ngay sau do Microsoft da
len tieng phu nhan 3 loi zero-day dong thoi phat di canh bao ve loi Windows
Help.
Loi tep ten Windows Help thuc chat la mot loi bao mat tran bo nho dem. Loi nay
ton tai trong Windows XP, Windows Server 2003, Windows NT va Windows 2000.
 Hang
bao mat Security Focus cho biet loi nay phat sinh khi ung dung Help File Viewer
khong the thuc hien kiem tra bien bo nho truoc khi sao chep du lieu sang bo nho
dem. Loi xay ra neu ung dung phai xu ly mot tep tin Windows Help doc hai.
"Neu khai thac thanh cong loi bao mat tin tac co the gianh duoc quyen thuc
thi ma lenh tren he thong mac loi. Con neu khong thanh cong thi chung cung gay
ra mot vu tan cong tu choi dich vu," Security Focus cho biet.
Nguoi phat ngon cua Microsoft khang dinh hang dang dieu tra them ve lo hong nay
dong thoi khang dinh tu truoc den nay Microsoft luon xem tep tin Windows Help la
mot chuan dinh dang nguy hiem tuong tu "exe". Hang khuyen cao nguoi dung khong
nen mo nhung tep tin nay ra neu chung duoc gui den tu mot nguon khong ro rang.
Phat bieu tren trang blog cua minh, ong Hon Lau - mot chuyen gia cua Security
Response Team cua Symantec - cho biet hien chua co vu tan cong nao nham muc tieu
vao loi Windows Help va phat tan rong.
Tuy nhien, ong Lau cung cho biet hien da xuat hien ma doc co ten
Bloodhound.Exploit.135 co kha nang tan cong loi Windows Help. Ma doc nay da duoc
phat tan tren mang Internet.
Theo Informationweek, VnMedia
Article source http://w4rum.com/1313.t
| 