![]() 1, about four weeks before publishing his findings. By Prodeus' account, he notified Microsoft of the flaw Feb. "Microsoft is concerned that this vulnerability was not responsibly disclosed, potentially putting customers at risk," said Jerry Bryant, a senior manager with the MSRC, in an e-mail. The company took Prodeus to task for taking the bug public, something it regularly does when researchers disclose a vulnerability or post sample attack code before a patch is available. The advisory explained how to entering a one-line command at a Windows command-line prompt to lock down the Help system. Users can also stymie attacks by disabling Windows Help. The security advisory made the same recommendation: "Our analysis shows that if users do not press the F1 key on their keyboard, the vulnerability cannot be exploited." "The prompt can appear repeatedly when dismissed, nagging the user to press the F1 key," Ross added. "As an interim workaround, users are advised to avoid pressing F1 on dialogs presented from Web pages or other Internet content," said David Ross with the Microsoft Security Response Center (MSRC) engineering staff in a blog entry on Monday. Until a patch is ready, users can protect themselves by not pressing the F1 key if a Web site tells them to, said Microsoft. Previously, Prodeus had said that users running IE7 and IE8 were at risk, but had not called out IE6. Windows 2000, Windows XP and Windows Server 2003 are impacted by the bug, said Microsoft, and any supported versions of Internet Explorer (IE) on those operating systems - including IE6 on Windows XP - could be leveraged by attackers. ![]() He rated the vulnerability as "medium" because of the required user interaction. A massive number of upcoming games that will be coming to the subscription programs on day one was unveiled as well, find all the details here.Last week, Prodeus called the bug a "logic flaw," and said attackers could exploit it by feeding users malicious code disguised as a Windows help file - such files have a ".hlp" extension - then convincing them to press the F1 key when a pop-up appeared. Monster Hunter World (Cloud and Console)Īside from the two waves of June games, Microsoft also delivered 10 more games to Game Pass during its E3 presentation earlier this month, adding Yakuza: Like a Dragon and a bunch of more Bethesda titles.Capcom: Infinite (Cloud, Console, and PC) Battle Chasers: Nightwar (Cloud, Console, and PC).Lastly, eight games are leaving the subscription programs on June 30: The titles are Dirt 5, Double Kick Heroes, Eastshade, Empire of Sin, Haven, Octopath Traveler, Torchlight III, and Yakuza: Like a Dragon. Meanwhile, Xbox Touch Controls have reached eight games for easier play sessions on mobile devices while using the cloud. The movie tie-in title will be exclusive to the subscription until July 15, and it will become a free-to-play experience afterwards. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |