Microsoft patches big security hole this Tuesday

July 9, 2010

This coming Tuesday 13th July, Microsoft is set to fix a big security hole in the Windows Help and Support Center (HSC).

The HSC is used to provide help to users and is able download and install software updates.  However, a bug exists that allows a website to launch the HSC using hcp:// instead of http://.  So hackers are able to substitute the url to download malicious software.

But a big problem with this security hole is that the exploit gives the remote application the same privileges as the logged on user.  Unknowingly many users run their desktop as an administrator so operate with elevated permissions.  This means that the remote server is able to issue instructions to download and install any software; including Trojans and viruses.

Microsoft acknowledged that this type of bug is being exploited more quickly and effectively by the criminal gangs.

So make sure you visit the windows update centre to protect yourself online.

Updating

The easiest way to check and updated your PC is to visit http://update.microsoft.com/ and follow the onscreen instructions.