Microsoft Security Bulletin MS04-015 addresses a new vulnerability in the Help and Support Center that can be exploited remotely. An attacker who successfully exploits this vulnerability may be able to assume full control of the victim computer.
This vulnerability is only ranked as "Important" by Microsoft rather than "Critical" because of the extensive user interaction required to exploit it and the mitigating factors that can be used to protect even an unpatched system.
A successful attack would grant privileges to the attacker equal to those of the user currently logged on to the victim computer. It is widely preached that users should not have full administrative privileges and that even home users who are their own administrators should use a restricted account for everyday use and only log in as the Administrator when necessary. Following this security best practice would greatly limit the ability of even a successful attack to accomplish much on the victim computer.
There are a couple of other mitigating factors, which you can read about in the Microsoft Security Bulletin. Click on the link below for complete details and links to the appropriate patches for your Windows platform. This flaw affects versions of Windows XP and Windows 2003, but not Windows NT or Windows 2000.
Microsoft Security Bulletin MS04-015
Vulnerability in Help and Support Center Could Allow Remote Code Execution
Microsoft Criticality: Important

