SupportSoft open to remote attack



Antony Savvas

Remote customer support software used by a number of ISPs, IT suppliers and e-tailers could allow remote attackers to take over users’ systems, says the US Computer Emergency Response Team (Cert).

The vulnerabilities affect the widely used SupportSoft system, which has ActiveX controls that contain multiple buffer overflow vulnerabilities. The problem, which affects customers of BT, TalkTalk, CSC, Hilton Hospitality, IBM, Lockheed Martin and many others, has not been patched by most companies, says Cert.

Cert says the flaws could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Symantec is said to have already provided a patch to its customers and SupportSoft itself has a patch available to download, said Cert. Users can also prevent an attack by disabling ActiveX controls in their browser.

According to Cert, users of other affected suppliers include those of 3M, Automatic Data, Bank of America, Belgacom, BellSouth, Bharti Enterprises, Bresnan Communications, Casema, Charter Communications, Comcast, CompuCom Systems, Cox Communications, Essent, Kimberly-Clark, KPN International, and Marriott, among many others.

The full Cert security alert can be viewed here:
