Wednesday, November 7, 2012

An Expose on Security and Microsoft Help in Browsers


There are many security threats faced by computer users, mostly from Internet. Today every software developer is trying to make their platform and internet applications secure. Microsoft help Websites give you detailed descriptions about the unnoticed daily vulnerabilities left by a user in their computer. The main security vulnerabilities which help others attack your PC are given here.

Security Vulnerability due to Shortcut Command
One among the best traits of the Compiled HTML Help is its ability to execute programs, a concession not seen in regular un-compiled web pages. This property is achieved by the use of the shortcut command, which is only possible through the HTML Help ActiveX Control. A Help topic that contains instructions to open the printer settings dialog is able to provide a shortcut button that allows users to open that dialog with a single click, is an example of using the shortcut command.
Security restrictions are imposed on HTML Help files. These restrictions only allow trusted HTML Help files to use them. However, two flaws, which have recently been identified that allows this restriction to be bypassed. The HTML Help facility determines the Security Zone in a wrong manner and subsequently opens some malware. The second flaw is that it handles these files in a very wrong manner. The Html Help does not care about the contents inside the folder.

Unchecked Buffer
Many functions are exposed due to some faults or misconceptions made at the time of programming. One such function exposed through the HTML Help control is an unchecked buffer. If you can, check any of Microsoft's security bulletins over recent months. Then you can probably become familiar with the term unchecked buffer, since it is the origin of many of the security vulnerabilities being utilized by attackers. In software field, buffer is a kind of space where data is stored temporarily while it is being used. An unchecked buffer is the buffer where the software does not verify the validity of the data being stored for that buffer.
Attackers exploit unchecked buffer to insert hostile code inside a program. It is also used to crash the programs by overflowing the program. There are a lot of means to achieve this, web page hosted on an attacker's site or sent to a user as an HTML mail being the examples. An attacker utilizing this vulnerability will be able to gain the same privileges as the user on the system.
Check Microsoft Help Websites, as they provide support for users to remove these vulnerabilities.

No comments:

Post a Comment