This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. The vulnerability is documented in the Vulnerability Details section of this bulletin.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Microsoft recommends that customers install the update at the earliest opportunity.
|