SupportSoft open to remote attack


Antony Savvas

Remote customer support software used by a number of ISPs, IT suppliers and e-tailers could allow remote attackers to take over users’ systems, says the US Computer Emergency Response Team (Cert).

The flaws affect the widely used SupportSoft system, whose ActiveX controls contain multiple buffer overflow vulnerabilities. The problem, which affects customers of BT, TalkTalk, CSC, Hilton Hospitality, IBM, Lockheed Martin and many others, has not been patched by most companies, says Cert.

Cert says the flaws could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Symantec is said to have already provided a patch to its customers and SupportSoft itself has a patch available to download, said Cert. Users can also prevent an attack by disabling ActiveX controls in their browser.

According to Cert, other suppliers whose users are affected include 3M, Automatic Data, Bank of America, Belgacom, BellSouth, Bharti Enterprises, Bresnan Communications, Casema, Charter Communications, Comcast, CompuCom Systems, Cox Communications, Essent, Kimberly-Clark, KPN International, and Marriott, among many others.

The full Cert security alert can be viewed here:

http://www.kb.cert.org/vuls/id/441785
