Urges immediate download of security patch from Microsoft site
Dubai – United Arab Emirates: A high risk vulnerability has been detected in Microsoft systems, that could be exploited to spread a new virus or worm, according to a Symantec advisory issued here today.
Symantec warned users to patch their machines immediately to avoid any adverse effects. The patch can be downloaded from the Microsoft site -- Security Bulletin MS04-015 (Vulnerability in Help and Support Center): http://www.microsoft.com/security/security_bulletins/200405_windows.asp
Symantec analysts have rated this vulnerability as a high risk due to the impact if the vulnerability was successfully exploited.
The vulnerability is in the Help and Support Center (HSC) of Microsoft Windows, which is a feature in Windows that provides help on a variety of topics such as downloading software updates, etc. If exploited, the HSC vulnerability could allow remote code execution, allowing an attacker to gain complete control of an affected system. This would allow the attacker the ability to install programs, view or change information, or create new accounts with full privileges. Windows operating systems that are affected include Microsoft XP and Microsoft Server 2003.
Users are encouraged to apply the security patch for the HSC vulnerability as soon as possible. Symantec reminds users that it is important to exercise caution when browsing the Internet, and when reading email. The success of recent email and web-based threats such as the Netsky and Bagle variants reinforce the importance of validating content received from outside parties. Symantec cautions users to be suspicious of actions that they are asked to perform by unknown parties.
Keep Systems Updated
"Symantec urges computer users to always keep their systems up to date, no matter how severe the vulnerability," said Kevin Isaac, Regional Director Middle East & Africa. "Also, because hackers and virus writers are getting more sophisticated in the use of social engineering, users need to exercise great caution when clicking on links and visiting unfamiliar websites."
In addition, Symantec strongly advises Windows users to apply the security patch for the Local Security Authority Subsystem Service Vulnerability, announced on 13th April in the MS Security Bulletin MS04-011. This vulnerability still poses a significant threat and users should take immediate steps to ensure their systems are protected. Additional information can be found at http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
-Ends-
About Symantec
Symantec is the global leader in information security providing a broad range of software, appliances, and services designed to help individuals, small and mid-sized businesses, and large enterprises secure and manage their IT infrastructure. Symantec's Norton brand of products is the worldwide leader in consumer security and problem-solving solutions. Headquartered in Cupertino, Calif., Symantec has operations in more than 35 countries. More information is available at http://www.symantec.com.
For more information please contact:
Aimee Peters,
PR Manager Symantec Middle East & Africa
Tel: +971 4 390 1795
Or, Yasser Fathy,
Managing Director,
Arabia PR
Tel: + 971 4 391 12 00,
Fax: + 9714 390 45 11
E-mail: yasser@dubaimediacity.net
© Press Release 2004
