TechTarget

SupportSoft open to remote attack

Remote customer support software used by a number of ISPs, IT suppliers and e-tailers could allow remote attackers to take over users’ systems, says the US Computer Emergency Response Team (Cert).

The vulnerabilities affect the widely used SupportSoft system, which has ActiveX controls that contain multiple buffer overflow vulnerabilities. The problem, which affects customers of BT, TalkTalk, CSC, Hilton Hospitality, IBM, Lockheed Martin and many others, has not been patched by most companies, says Cert.

Cert says the flaws could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Symantec is said to have already provided a patch to its customers and SupportSoft itself has a patch available to download, said Cert. Users can also prevent an attack by disabling ActiveX controls in their browser.

According to Cert, other suppliers whose users are affected include 3M, Automatic Data, Bank of America, Belgacom, BellSouth, Bharti Enterprises, Bresnan Communications, Casema, Charter Communications, Comcast, CompuCom Systems, Cox Communications, Essent, Kimberly-Clark, KPN International, and Marriott, among many others.

The full Cert security alert can be viewed here:

http://www.kb.cert.org/vuls/id/441785


Comment on this article: computer.weekly@rbi.co.uk
